Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.3
CVSSv2

CVE-2001-0537

Published: 21/07/2001 Updated: 07/11/2023
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 950
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Ios

Vulnerability Summary

HTTP server for Cisco IOS 11.3 to 12.2 allows malicious users to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

cisco ios 12.1xg

cisco ios 12.0xc

cisco ios 11.3xa

cisco ios 12.0xr

cisco ios 12.1xm

cisco ios 12.1xi

cisco ios 12.0st

cisco ios 12.1e

cisco ios 12.1xc

cisco ios 11.3ma

cisco ios 12.1xp

cisco ios 12.1ya

cisco ios 12.1yd

cisco ios 12.0dc

cisco ios 12.0xq

cisco ios 12.1xs

cisco ios 12.2xe

cisco ios 12.0xe

cisco ios 12.1xy

cisco ios 12.0xd

cisco ios 11.3na

cisco ios 12.1xz

cisco ios 12.2xh

cisco ios 12.0xj

cisco ios 11.3da

cisco ios 12.1t

cisco ios 12.1xr

cisco ios 12.1db

cisco ios 12.0\\(7\\)xk

cisco ios 12.1xe

cisco ios 12.0xl

cisco ios 12.0xs

cisco ios 12.1xb

cisco ios 12.1yf

cisco ios 12.1xl

cisco ios 12.2t

cisco ios 12.0xb

cisco ios 12.1xk

cisco ios 12.0xh

cisco ios 12.0t

cisco ios 12.1xw

cisco ios 12.0\\(10\\)w5\\(18g\\)

cisco ios 12.1yb

cisco ios 12.0xu

cisco ios 12.1dc

cisco ios 12.1ex

cisco ios 11.3

cisco ios 12.1

cisco ios 12.0sl

cisco ios 11.3db

cisco ios 12.0db

cisco ios 12.1ec

cisco ios 11.3aa

cisco ios 12.1cx

cisco ios 12.0\\(14\\)w5\\(20\\)

cisco ios 12.1xh

cisco ios 12.0xa

cisco ios 12.1xu

cisco ios 12.0sc

cisco ios 12.1xj

cisco ios 12.1aa

cisco ios 12.0xn

cisco ios 12.0da

cisco ios 12.1xx

cisco ios 11.3ha

cisco ios 12.0wc

cisco ios 12.1ey

cisco ios 11.3t

cisco ios 12.0xm

cisco ios 12.1xd

cisco ios 12.1ez

cisco ios 12.2xd

cisco ios 12.1xq

cisco ios 12.0s

cisco ios 12.0wt

cisco ios 12.2xq

cisco ios 12.1xf

cisco ios 12.1da

cisco ios 12.2

cisco ios 12.1xa

cisco ios 12.0xg

cisco ios 12.0

cisco ios 12.1yc

cisco ios 12.0\\(5\\)xk

cisco ios 12.0xp

cisco ios 12.0xv

cisco ios 12.2xa

cisco ios 12.1xt

cisco ios 12.0xf

cisco ios 12.0xi

cisco ios 12.1xv

Vendor Advisories

Cisco: IOS HTTP Authorization Vulnerability
When the HTTP server is enabled and local authorization is used, it is possible, under some circumstances, to bypass the authentication and execute any command on the device In that case, the user will be able to exercise complete control over the device All commands will be executed with the highest privilege (level 15) All releases ...

Exploits

Exploit DB: Cisco IOS 11.x/12.x - HTTP Configuration Arbitrary Administrative Access (1)
# source: wwwsecurityfocuscom/bid/2936/info # # IOS is router firmware developed and distributed by Cisco Systems IOS functions on numerous Cisco devices, including routers and switches # # It is possible to gain full remote administrative access on devices using affected releases of IOS By using a URL of routeraddress/level/$ ...
Exploit DB: Cisco IOS 11.x/12.x - HTTP Configuration Arbitrary Administrative Access (4)
# source: wwwsecurityfocuscom/bid/2936/info # # IOS is router firmware developed and distributed by Cisco Systems IOS functions on numerous Cisco devices, including routers and switches # # It is possible to gain full remote administrative access on devices using affected releases of IOS By using a URL of routeraddress/l ...
Exploit DB: Cisco IOS 11.x/12.x - HTTP Configuration Arbitrary Administrative Access (2)
/* source: wwwsecurityfocuscom/bid/2936/info IOS is router firmware developed and distributed by Cisco Systems IOS functions on numerous Cisco devices, including routers and switches It is possible to gain full remote administrative access on devices using affected releases of IOS By using a URL of routeraddress/level/$NUMBE ...
Exploit DB: Cisco IOS 11.x/12.x - HTTP Configuration Arbitrary Administrative Access (3)
# source: wwwsecurityfocuscom/bid/2936/info # # IOS is router firmware developed and distributed by Cisco Systems IOS functions on numerous Cisco devices, including routers and switches # # It is possible to gain full remote administrative access on devices using affected releases of IOS By using a URL of routeraddress/lev ...

References

CWE-287http://www.cisco.com/warp/public/707/IOS-httplevel-pub.htmlhttp://www.cert.org/advisories/CA-2001-14.htmlhttp://www.securityfocus.com/bid/2936http://www.ciac.org/ciac/bulletins/l-106.shtmlhttp://www.osvdb.org/578https://exchange.xforce.ibmcloud.com/vulnerabilities/6749http://www.securityfocus.com/archive/1/4.3.2.7.2.20010629095801.0c3e6a70%40brussels.cisco.comhttp://www.securityfocus.com/archive/1/20010703011650.60515.qmail%40web14910.mail.yahoo.comhttp://www.securityfocus.com/archive/1/1601227034.20010702112207%40olympos.orghttp://www.securityfocus.com/archive/1/Pine.LNX.3.96.1010702134611.22995B-100000%40Lib-Vai.lib.asu.eduhttps://nvd.nist.govhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20010627-ios-http-levelhttps://www.exploit-db.com/exploits/20975/https://www.kb.cert.org/vuls/id/812515
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
injectionCVE-2024-30983CVE-2023-4235CVE-2024-21338privilegeencryptionCVE-2023-4232CVE-2024-31497CVE-2024-32341
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook