CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Vulnerability Details : CVE-2001-0537

HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.
Publish Date : 2001-07-21 Last Update Date : 2008-09-05
Collapse All   Expand All   Select   Select&Copy  
Related Tweets   Even more tweets   Search Twitter   Search YouTube   Search Google

- CVSS Scores & Vulnerability Types

Cvss Score
9.3
Confidentiality Impact Complete (There is total information disclosure, resulting in all system files being revealed.)
Integrity Impact Complete (There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised.)
Availability Impact Complete (There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.)
Access Complexity Medium (The access conditions are somewhat specialized. Some preconditions must be satistified to exploit)
Authentication Not required (Authentication is not required to exploit the vulnerability.)
Gained Access Admin
Vulnerability Type(s) Execute CodeBypass a restriction or similar
CWE ID 287

- Related OVAL Definitions

Title Definition Id Class Family
Cisco IOS HTTP Authorization Circumvention Vulnerability oval:org.mitre.oval:def:5663 ios
OVAL (Open Vulnerability and Assessment Language) definitions define exactly what should be done to verify a vulnerability or a missing patch. Check out the OVAL definitions if you want to learn what you should do to verify a vulnerability.

- Products Affected By CVE-2001-0537

# Product Type Vendor Product Version Update Edition Language
1 OS Cisco IOS 11.3db Details Vulnerabilities
2 OS Cisco IOS 11.3ha Details Vulnerabilities
3 OS Cisco IOS 11.3ma Details Vulnerabilities
4 OS Cisco IOS 11.3 Details Vulnerabilities
5 OS Cisco IOS 11.3na Details Vulnerabilities
6 OS Cisco IOS 11.3aa Details Vulnerabilities
7 OS Cisco IOS 11.3t Details Vulnerabilities
8 OS Cisco IOS 11.3da Details Vulnerabilities
9 OS Cisco IOS 11.3xa Details Vulnerabilities
10 OS Cisco IOS 12.0xm Details Vulnerabilities
11 OS Cisco IOS 12.0sl Details Vulnerabilities
12 OS Cisco IOS 12.0xg Details Vulnerabilities
13 OS Cisco IOS 12.0da Details Vulnerabilities
14 OS Cisco IOS 12.0xu Details Vulnerabilities
15 OS Cisco IOS 12.0xb Details Vulnerabilities
16 OS Cisco IOS 12.0 Details Vulnerabilities
17 OS Cisco IOS 12.0xn Details Vulnerabilities
18 OS Cisco IOS 12.0st Details Vulnerabilities
19 OS Cisco IOS 12.0db Details Vulnerabilities
20 OS Cisco IOS 12.0xh Details Vulnerabilities
21 OS Cisco IOS 12.0xv Details Vulnerabilities
22 OS Cisco IOS 12.0xc Details Vulnerabilities
23 OS Cisco IOS 12.0(10)w5(18g) Details Vulnerabilities
24 OS Cisco IOS 12.0xp Details Vulnerabilities
25 OS Cisco IOS 12.0t Details Vulnerabilities
26 OS Cisco IOS 12.0xi Details Vulnerabilities
27 OS Cisco IOS 12.0dc Details Vulnerabilities
28 OS Cisco IOS 12.0xd Details Vulnerabilities
29 OS Cisco IOS 12.0(14)w5(20) Details Vulnerabilities
30 OS Cisco IOS 12.0xq Details Vulnerabilities
31 OS Cisco IOS 12.0wc Details Vulnerabilities
32 OS Cisco IOS 12.0xj Details Vulnerabilities
33 OS Cisco IOS 12.0s Details Vulnerabilities
34 OS Cisco IOS 12.0xe Details Vulnerabilities
35 OS Cisco IOS 12.0(5)xk Details Vulnerabilities
36 OS Cisco IOS 12.0xr Details Vulnerabilities
37 OS Cisco IOS 12.0wt Details Vulnerabilities
38 OS Cisco IOS 12.0xl Details Vulnerabilities
39 OS Cisco IOS 12.0sc Details Vulnerabilities
40 OS Cisco IOS 12.0xf Details Vulnerabilities
41 OS Cisco IOS 12.0(7)xk Details Vulnerabilities
42 OS Cisco IOS 12.0xs Details Vulnerabilities
43 OS Cisco IOS 12.0xa Details Vulnerabilities
44 OS Cisco IOS 12.1yf Details Vulnerabilities
45 OS Cisco IOS 12.1xm Details Vulnerabilities
46 OS Cisco IOS 12.1ex Details Vulnerabilities
47 OS Cisco IOS 12.1xz Details Vulnerabilities
48 OS Cisco IOS 12.1xh Details Vulnerabilities
49 OS Cisco IOS 12.1da Details Vulnerabilities
50 OS Cisco IOS 12.1xu Details Vulnerabilities
51 OS Cisco IOS 12.1xc Details Vulnerabilities
52 OS Cisco IOS 12.1xp Details Vulnerabilities
53 OS Cisco IOS 12.1ey Details Vulnerabilities
54 OS Cisco IOS 12.1ya Details Vulnerabilities
55 OS Cisco IOS 12.1xi Details Vulnerabilities
56 OS Cisco IOS 12.1db Details Vulnerabilities
57 OS Cisco IOS 12.1xd Details Vulnerabilities
58 OS Cisco IOS 12.1xv Details Vulnerabilities
59 OS Cisco IOS 12.1xq Details Vulnerabilities
60 OS Cisco IOS 12.1ez Details Vulnerabilities
61 OS Cisco IOS 12.1yb Details Vulnerabilities
62 OS Cisco IOS 12.1xj Details Vulnerabilities
63 OS Cisco IOS 12.1dc Details Vulnerabilities
64 OS Cisco IOS 12.1xe Details Vulnerabilities
65 OS Cisco IOS 12.1 Details Vulnerabilities
66 OS Cisco IOS 12.1xw Details Vulnerabilities
67 OS Cisco IOS 12.1xr Details Vulnerabilities
68 OS Cisco IOS 12.1t Details Vulnerabilities
69 OS Cisco IOS 12.1yc Details Vulnerabilities
70 OS Cisco IOS 12.1xk Details Vulnerabilities
71 OS Cisco IOS 12.1e Details Vulnerabilities
72 OS Cisco IOS 12.1aa Details Vulnerabilities
73 OS Cisco IOS 12.1xx Details Vulnerabilities
74 OS Cisco IOS 12.1xf Details Vulnerabilities
75 OS Cisco IOS 12.1xs Details Vulnerabilities
76 OS Cisco IOS 12.1xa Details Vulnerabilities
77 OS Cisco IOS 12.1yd Details Vulnerabilities
78 OS Cisco IOS 12.1xl Details Vulnerabilities
79 OS Cisco IOS 12.1ec Details Vulnerabilities
80 OS Cisco IOS 12.1xy Details Vulnerabilities
81 OS Cisco IOS 12.1xg Details Vulnerabilities
82 OS Cisco IOS 12.1cx Details Vulnerabilities
83 OS Cisco IOS 12.1xt Details Vulnerabilities
84 OS Cisco IOS 12.1xb Details Vulnerabilities
85 OS Cisco IOS 12.2xh Details Vulnerabilities
86 OS Cisco IOS 12.2 Details Vulnerabilities
87 OS Cisco IOS 12.2xq Details Vulnerabilities
88 OS Cisco IOS 12.2t Details Vulnerabilities
89 OS Cisco IOS 12.2xa Details Vulnerabilities
90 OS Cisco IOS 12.2xd Details Vulnerabilities
91 OS Cisco IOS 12.2xe Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor Product Vulnerable Versions
Cisco IOS 91

- References For CVE-2001-0537

http://www.securityfocus.com/archive/1/1601227034.20010702112207@olympos.org
BUGTRAQ 20010702 Cisco IOS HTTP Configuration Exploit
http://www.securityfocus.com/archive/1/20010703011650.60515.qmail@web14910.mail.yahoo.com
BUGTRAQ 20010702 ios-http-auth.sh
http://www.securityfocus.com/archive/1/4.3.2.7.2.20010629095801.0c3e6a70@brussels.cisco.com
BUGTRAQ 20010629 Re: Cisco Security Advisory: IOS HTTP authorization vulnerability
http://www.securityfocus.com/archive/1/Pine.LNX.3.96.1010702134611.22995B-100000@Lib-Vai.lib.asu.edu
BUGTRAQ 20010702 Cisco device HTTP exploit...
http://xforce.iss.net/static/6749.php
XF cisco-ios-admin-access(6749)
http://www.cisco.com/warp/public/707/IOS-httplevel-pub.html
CISCO 20010627 IOS HTTP authorization vulnerability
http://www.securityfocus.com/bid/2936
BID 2936 Cisco IOS HTTP Configuration Arbitrary Administrative Access Vulnerability Release Date:2001-06-27
http://www.cert.org/advisories/CA-2001-14.html
CERT CA-2001-14
http://www.osvdb.org/578
OSVDB 578
http://www.ciac.org/ciac/bulletins/l-106.shtml
CIAC L-106

- Metasploit Modules Related To CVE-2001-0537

Cisco IOS HTTP Unauthorized Administrative Access
This module exploits a vulnerability in the Cisco IOS HTTP Server. By sending a GET request for "/level/num/exec/..", where num is between 16 and 99, it is possible to bypass authentication and obtain full system control. IOS 11.3 -> 12.2 are reportedly vulnerable. This module tested successfully against a Cisco 1600 Router IOS v11.3(11d).


CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.