ID

VAR-200107-0186


CVE

CVE-2001-0537


TITLE

Cisco IOS HTTP server authentication vulnerability allows remote attackers to execute arbitrary commands

Trust: 0.8

sources: CERT/CC: VU#812515

DESCRIPTION

The HTTP server in Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL. IOS is router firmware developed and distributed by Cisco Systems, and it runs on numerous Cisco devices, including routers and switches. On devices using affected releases of IOS, a remote user who requests a URL of the form http://router.address/level/$NUMBER/exec/...., where $NUMBER is an integer between 16 and 99, can gain full administrative access, which may lead to further compromise of the network or result in a denial of service. The issue is present in versions starting with Cisco IOS 11.3: if the web management interface is enabled, any remote attacker can gain full management rights on the device. The attacker only needs to construct a URL of the form http://<device_address>/level/xx/exec/...., where xx is an integer from 16 to 99. The value may differ between devices, but the attacker only needs to test 84 times to find the correct one.

Trust: 1.98

sources: NVD: CVE-2001-0537 // CERT/CC: VU#812515 // BID: 2936 // VULHUB: VHN-3351

AFFECTED PRODUCTS

vendor: cisco, model: ios, scope: eq, version: 12.1xx

Trust: 1.9

vendor: cisco, model: ios, scope: eq, version: 12.0xs

Trust: 1.6

vendor: cisco, model: ios, scope: eq, version: 12.0(14)w5(20)

Trust: 1.6

vendor: cisco, model: ios, scope: eq, version: 12.1xs

Trust: 1.6

vendor: cisco, model: ios, scope: eq, version: 11.3ha

Trust: 1.6

vendor: cisco, model: ios, scope: eq, version: 12.1ya

Trust: 1.6

vendor: cisco, model: ios, scope: eq, version: 12.1yd

Trust: 1.6

vendor: cisco, model: ios, scope: eq, version: 12.1yb

Trust: 1.6

vendor: cisco, model: ios, scope: eq, version: 11.3ma

Trust: 1.6

vendor: cisco, model: ios, scope: eq, version: 12.1yc

Trust: 1.6

vendor: cisco, model: ios, scope: eq, version: 12.2

Trust: 1.3

vendor: cisco, model: ios, scope: eq, version: 12.1xv

Trust: 1.3

vendor: cisco, model: ios, scope: eq, version: 12.1

Trust: 1.3

vendor: cisco, model: ios, scope: eq, version: 12.0xv

Trust: 1.3

vendor: cisco, model: ios, scope: eq, version: 12.0

Trust: 1.3

vendor: cisco, model: ios, scope: eq, version: 11.3

Trust: 1.3

vendor: cisco, model: ios, scope: eq, version: 12.0xi

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1xe

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0wc

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 11.3t

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1xw

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1xu

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0t

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0xl

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0sc

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0xn

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1dc

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1xc

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.2xh

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1t

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1xa

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1aa

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1xp

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0xh

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1db

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.2xe

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0st

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1xq

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1cx

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1ez

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1ex

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0(10)w5(18g)

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 11.3db

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0s

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0xb

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.2t

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0db

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1xz

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.2xd

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1yf

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.2xa

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0xg

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1xb

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0xu

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1xi

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0xa

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0(5)xk

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0xm

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0xe

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 11.3na

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0xr

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0da

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.2xq

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0(7)xk

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0xq

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 11.3xa

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1xl

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 11.3da

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1xk

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0xd

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0xp

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1xh

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1ey

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1xd

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0wt

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0dc

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 11.3aa

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1da

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1xr

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1xg

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1ec

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0sl

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1xt

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1xy

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0xc

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1e

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0xf

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.0xj

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1xj

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1xf

Trust: 1.0

vendor: cisco, model: ios, scope: eq, version: 12.1xm

Trust: 1.0

vendor: cisco, model: -, scope: -, version: -

Trust: 0.8

vendor: cisco, model: ios 12.0 xk, scope: -, version: -

Trust: 0.6

vendor: cisco, model: ios 12.0 w5, scope: -, version: -

Trust: 0.6

vendor: cisco, model: ios 12.2xq, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.2xh, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.2xe, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.2xd, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.2xa, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.2t, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1yf, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1yd, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1yc, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1yb, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1ya, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1xz, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1xy, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1xw, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1xu, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1xt, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1xs, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1xr, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1xq, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1xp, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1xm, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1xl, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1xk, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1xj, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1xi, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1xh, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1xg, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1xf, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1xe, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1xd, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1xc, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1xb, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1xa, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1t, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1ez, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1ey, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1ex, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1ec, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1e, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1dc, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1db, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1da, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1cx, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.1aa, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0xu, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0xs, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0xr, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0xq, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0xp, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0xn, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0xm, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0xl, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0xj, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0xi, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0xh, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0xg, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0xf, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0xe, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0xd, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0xc, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0xb, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0xa, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0wt, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0wc, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0t, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0st, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0sl, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0sc, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0s, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0dc, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0db, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 12.0da, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 11.3xa, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 11.3t, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 11.3na, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 11.3ma, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 11.3ha, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 11.3db, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 11.3da, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios 11.3aa, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios, scope: ne, version: 11.2

Trust: 0.3

vendor: cisco, model: ios, scope: ne, version: 11.1

Trust: 0.3

vendor: cisco, model: ios, scope: ne, version: 11.0

Trust: 0.3

vendor: cisco, model: ios, scope: ne, version: 10.3

Trust: 0.3

sources: CERT/CC: VU#812515 // BID: 2936 // CNNVD: CNNVD-200107-164 // NVD: CVE-2001-0537

CVSS

SEVERITY

nvd@nist.gov: CVE-2001-0537
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#812515
value: 48.45

Trust: 0.8

CNNVD: CNNVD-200107-164
value: CRITICAL

Trust: 0.6

VULHUB: VHN-3351
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2001-0537
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-3351
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#812515 // VULHUB: VHN-3351 // CNNVD: CNNVD-200107-164 // NVD: CVE-2001-0537

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.1

sources: VULHUB: VHN-3351 // NVD: CVE-2001-0537

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200107-164

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-200107-164

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-3351

EXTERNAL IDS

db: BID, id: 2936

Trust: 2.8

db: OSVDB, id: 578

Trust: 1.7

db: NVD, id: CVE-2001-0537

Trust: 1.7

db: CERT/CC, id: VU#812515

Trust: 0.8

db: CNNVD, id: CNNVD-200107-164

Trust: 0.7

db: BUGTRAQ, id: 20010702 CISCO IOS HTTP CONFIGURATION EXPLOIT

Trust: 0.6

db: BUGTRAQ, id: 20010629 RE: CISCO SECURITY ADVISORY: IOS HTTP AUTHORIZATION VULNERABILITY

Trust: 0.6

db: BUGTRAQ, id: 20010702 IOS-HTTP-AUTH.SH

Trust: 0.6

db: BUGTRAQ, id: 20010702 CISCO DEVICE HTTP EXPLOIT...

Trust: 0.6

db: CIAC, id: L-106

Trust: 0.6

db: CERT/CC, id: CA-2001-14

Trust: 0.6

db: XF, id: 6749

Trust: 0.6

db: CISCO, id: 20010627 IOS HTTP AUTHORIZATION VULNERABILITY

Trust: 0.6

db: EXPLOIT-DB, id: 20975

Trust: 0.1

db: EXPLOIT-DB, id: 20977

Trust: 0.1

db: EXPLOIT-DB, id: 20976

Trust: 0.1

db: EXPLOIT-DB, id: 20978

Trust: 0.1

db: VULHUB, id: VHN-3351

Trust: 0.1

sources: CERT/CC: VU#812515 // VULHUB: VHN-3351 // BID: 2936 // CNNVD: CNNVD-200107-164 // NVD: CVE-2001-0537

REFERENCES

url:http://www.cisco.com/warp/public/707/ios-httplevel-pub.html

Trust: 2.8

url:http://www.securityfocus.com/bid/2936

Trust: 2.5

url:http://www.ciac.org/ciac/bulletins/l-106.shtml

Trust: 2.5

url:http://www.cert.org/advisories/ca-2001-14.html

Trust: 1.7

url:http://www.osvdb.org/578

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/6749

Trust: 1.1

url:http://www.securityfocus.com/archive/1/1601227034.20010702112207%40olympos.org

Trust: 1.0

url:http://www.securityfocus.com/archive/1/20010703011650.60515.qmail%40web14910.mail.yahoo.com

Trust: 1.0

url:http://www.securityfocus.com/archive/1/4.3.2.7.2.20010629095801.0c3e6a70%40brussels.cisco.com

Trust: 1.0

url:http://www.securityfocus.com/archive/1/pine.lnx.3.96.1010702134611.22995b-100000%40lib-vai.lib.asu.edu

Trust: 1.0

url:http://www.cisco.com/warp/public/480/tacplus.shtml

Trust: 0.8

url:http://www.cisco.com/warp/public/707/cisco-sn-20040326-exploits.shtml

Trust: 0.8

url:http://www.securityfocus.com/archive/1/4.3.2.7.2.20010629095801.0c3e6a70@brussels.cisco.com

Trust: 0.7

url:http://www.securityfocus.com/archive/1/1601227034.20010702112207@olympos.org

Trust: 0.7

url:http://www.securityfocus.com/archive/1/pine.lnx.3.96.1010702134611.22995b-100000@lib-vai.lib.asu.edu

Trust: 0.7

url:http://www.securityfocus.com/archive/1/20010703011650.60515.qmail@web14910.mail.yahoo.com

Trust: 0.7

url:http://xforce.iss.net/static/6749.php

Trust: 0.6

url:http://www.cisco.com/public/sw-center/sw-ios.shtml

Trust: 0.3

sources: CERT/CC: VU#812515 // VULHUB: VHN-3351 // BID: 2936 // CNNVD: CNNVD-200107-164 // NVD: CVE-2001-0537

CREDITS

David Hyams <david.hyams@kmu-security.ch>

Trust: 0.6

sources: CNNVD: CNNVD-200107-164

SOURCES

db: CERT/CC, id: VU#812515
db: VULHUB, id: VHN-3351
db: BID, id: 2936
db: CNNVD, id: CNNVD-200107-164
db: NVD, id: CVE-2001-0537

LAST UPDATE DATE

2024-08-14T15:25:51.288000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#812515, date: 2004-03-30T00:00:00
db: VULHUB, id: VHN-3351, date: 2017-10-10T00:00:00
db: BID, id: 2936, date: 2001-06-27T00:00:00
db: CNNVD, id: CNNVD-200107-164, date: 2005-05-02T00:00:00
db: NVD, id: CVE-2001-0537, date: 2023-11-07T01:55:34.133

SOURCES RELEASE DATE

db: CERT/CC, id: VU#812515, date: 2001-06-27T00:00:00
db: VULHUB, id: VHN-3351, date: 2001-07-21T00:00:00
db: BID, id: 2936, date: 2001-06-27T00:00:00
db: CNNVD, id: CNNVD-200107-164, date: 2000-06-27T00:00:00
db: NVD, id: CVE-2001-0537, date: 2001-07-21T04:00:00