Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-0537

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2001-0537
Last Modified 05 Sep 2008 12:00:00
Published 21 Jul 2001 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2001-0537

Summary

HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.

Vulnerable Systems

Operating System

  • Cisco Ios 11.3

  • Cisco Ios 11.3aa

  • Cisco Ios 11.3da

  • Cisco Ios 11.3db

  • Cisco Ios 11.3ha

  • Cisco Ios 11.3ma

  • Cisco Ios 11.3na

  • Cisco Ios 11.3t

  • Cisco Ios 11.3xa

  • Cisco Ios 12.0

  • Cisco Ios 12.0%2810%29w5%2818g%29

  • Cisco Ios 12.0%2814%29w5%2820%29

  • Cisco Ios 12.0%285%29xk

  • Cisco Ios 12.0%287%29xk

  • Cisco Ios 12.0da

  • Cisco Ios 12.0db

  • Cisco Ios 12.0dc

  • Cisco Ios 12.0s

  • Cisco Ios 12.0sc

  • Cisco Ios 12.0sl

  • Cisco Ios 12.0st

  • Cisco Ios 12.0t

  • Cisco Ios 12.0wc

  • Cisco Ios 12.0wt

  • Cisco Ios 12.0xa

  • Cisco Ios 12.0xb

  • Cisco Ios 12.0xc

  • Cisco Ios 12.0xd

  • Cisco Ios 12.0xe

  • Cisco Ios 12.0xf

  • Cisco Ios 12.0xg

  • Cisco Ios 12.0xh

  • Cisco Ios 12.0xi

  • Cisco Ios 12.0xj

  • Cisco Ios 12.0xl

  • Cisco Ios 12.0xm

  • Cisco Ios 12.0xn

  • Cisco Ios 12.0xp

  • Cisco Ios 12.0xq

  • Cisco Ios 12.0xr

  • Cisco Ios 12.0xs

  • Cisco Ios 12.0xu

  • Cisco Ios 12.0xv

  • Cisco Ios 12.1

  • Cisco Ios 12.1aa

  • Cisco Ios 12.1cx

  • Cisco Ios 12.1da

  • Cisco Ios 12.1db

  • Cisco Ios 12.1dc

  • Cisco Ios 12.1e

  • Cisco Ios 12.1ec

  • Cisco Ios 12.1ex

  • Cisco Ios 12.1ey

  • Cisco Ios 12.1ez

  • Cisco Ios 12.1t

  • Cisco Ios 12.1xa

  • Cisco Ios 12.1xb

  • Cisco Ios 12.1xc

  • Cisco Ios 12.1xd

  • Cisco Ios 12.1xe

  • Cisco Ios 12.1xf

  • Cisco Ios 12.1xg

  • Cisco Ios 12.1xh

  • Cisco Ios 12.1xi

  • Cisco Ios 12.1xj

  • Cisco Ios 12.1xk

  • Cisco Ios 12.1xl

  • Cisco Ios 12.1xm

  • Cisco Ios 12.1xp

  • Cisco Ios 12.1xq

  • Cisco Ios 12.1xr

  • Cisco Ios 12.1xs

  • Cisco Ios 12.1xt

  • Cisco Ios 12.1xu

  • Cisco Ios 12.1xv

  • Cisco Ios 12.1xw

  • Cisco Ios 12.1xx

  • Cisco Ios 12.1xy

  • Cisco Ios 12.1xz

  • Cisco Ios 12.1ya

  • Cisco Ios 12.1yb

  • Cisco Ios 12.1yc

  • Cisco Ios 12.1yd

  • Cisco Ios 12.1yf

  • Cisco Ios 12.2

  • Cisco Ios 12.2t

  • Cisco Ios 12.2xa

  • Cisco Ios 12.2xd

  • Cisco Ios 12.2xe

  • Cisco Ios 12.2xh

  • Cisco Ios 12.2xq


References

CERT - CA-2001-14

BID - 2936

CISCO - 20010627 IOS HTTP authorization vulnerability

XF - cisco-ios-admin-access(6749)

BUGTRAQ - 20010702 Cisco device HTTP exploit...

BUGTRAQ - 20010629 Re: Cisco Security Advisory: IOS HTTP authorization vulnerability

BUGTRAQ - 20010702 ios-http-auth.sh

BUGTRAQ - 20010702 Cisco IOS HTTP Configuration Exploit

OSVDB - 578

CIAC - L-106


Last Updated: 27 May 2016 10:36:18