National Cyber Awareness System

Vulnerability Summary for CVE-2001-0537

Overview

HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

CERT/CC Advisory: CA-2001-14

Name: CA-2001-14

Type: Advisory; Patch Information; Exploit

Hyperlink:http://www.cert.org/advisories/CA-2001-14.html

External Source: BID

Name: 2936

Type: Advisory; Patch Information; Exploit

Hyperlink:http://www.securityfocus.com/bid/2936

External Source: CISCO

Name: 20010627 IOS HTTP authorization vulnerability

Type: Advisory; Patch Information; Exploit

Hyperlink:http://www.cisco.com/warp/public/707/IOS-httplevel-pub.html

External Source: XF

Name: cisco-ios-admin-access(6749)

Hyperlink:http://xforce.iss.net/static/6749.php

External Source: BUGTRAQ

Name: 20010702 Cisco device HTTP exploit...

Hyperlink:http://www.securityfocus.com/archive/1/Pine.LNX.3.96.1010702134611.22995B-100000@Lib-Vai.lib.asu.edu

External Source: BUGTRAQ

Name: 20010629 Re: Cisco Security Advisory: IOS HTTP authorization vulnerability

Hyperlink:http://www.securityfocus.com/archive/1/4.3.2.7.2.20010629095801.0c3e6a70@brussels.cisco.com

External Source: BUGTRAQ

Name: 20010702 ios-http-auth.sh

Hyperlink:http://www.securityfocus.com/archive/1/20010703011650.60515.qmail@web14910.mail.yahoo.com

External Source: BUGTRAQ

Name: 20010702 Cisco IOS HTTP Configuration Exploit

Hyperlink:http://www.securityfocus.com/archive/1/1601227034.20010702112207@olympos.org

External Source: OSVDB

Name: 578

Hyperlink:http://www.osvdb.org/578

External Source: CIAC

Name: L-106

Hyperlink:http://www.ciac.org/ciac/bulletins/l-106.shtml

References to Check Content

Identifier:oval:org.mitre.oval:def:5663

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:5663