CVE-2001-0537 - Vulnerability Details

HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Ios

Configuration 1 [-]

OR	cpe:2.3:o:cisco:ios:11.3:::::::*
	cpe:2.3:o:cisco:ios:11.3aa:::::::*
	cpe:2.3:o:cisco:ios:11.3da:::::::*
	cpe:2.3:o:cisco:ios:11.3db:::::::*
	cpe:2.3:o:cisco:ios:11.3ha:::::::*
	cpe:2.3:o:cisco:ios:11.3ma:::::::*
	cpe:2.3:o:cisco:ios:11.3na:::::::*
	cpe:2.3:o:cisco:ios:11.3t:::::::*
	cpe:2.3:o:cisco:ios:11.3xa:::::::*
	cpe:2.3:o:cisco:ios:12.0:::::::*
	cpe:2.3:o:cisco:ios:12.0\(5\)xk:::::::*
	cpe:2.3:o:cisco:ios:12.0\(7\)xk:::::::*
	cpe:2.3:o:cisco:ios:12.0\(10\)w5\(18g\):::::::*
	cpe:2.3:o:cisco:ios:12.0\(14\)w5\(20\):::::::*
	cpe:2.3:o:cisco:ios:12.0da:::::::*
	cpe:2.3:o:cisco:ios:12.0db:::::::*
	cpe:2.3:o:cisco:ios:12.0dc:::::::*
	cpe:2.3:o:cisco:ios:12.0s:::::::*
	cpe:2.3:o:cisco:ios:12.0sc:::::::*
	cpe:2.3:o:cisco:ios:12.0sl:::::::*
	cpe:2.3:o:cisco:ios:12.0st:::::::*
	cpe:2.3:o:cisco:ios:12.0t:::::::*
	cpe:2.3:o:cisco:ios:12.0wc:::::::*
	cpe:2.3:o:cisco:ios:12.0wt:::::::*
	cpe:2.3:o:cisco:ios:12.0xa:::::::*
	cpe:2.3:o:cisco:ios:12.0xb:::::::*
	cpe:2.3:o:cisco:ios:12.0xc:::::::*
	cpe:2.3:o:cisco:ios:12.0xd:::::::*
	cpe:2.3:o:cisco:ios:12.0xe:::::::*
	cpe:2.3:o:cisco:ios:12.0xf:::::::*
	cpe:2.3:o:cisco:ios:12.0xg:::::::*
	cpe:2.3:o:cisco:ios:12.0xh:::::::*
	cpe:2.3:o:cisco:ios:12.0xi:::::::*
	cpe:2.3:o:cisco:ios:12.0xj:::::::*
	cpe:2.3:o:cisco:ios:12.0xl:::::::*
	cpe:2.3:o:cisco:ios:12.0xm:::::::*
	cpe:2.3:o:cisco:ios:12.0xn:::::::*
	cpe:2.3:o:cisco:ios:12.0xp:::::::*
	cpe:2.3:o:cisco:ios:12.0xq:::::::*
	cpe:2.3:o:cisco:ios:12.0xr:::::::*
	cpe:2.3:o:cisco:ios:12.0xs:::::::*
	cpe:2.3:o:cisco:ios:12.0xu:::::::*
	cpe:2.3:o:cisco:ios:12.0xv:::::::*
	cpe:2.3:o:cisco:ios:12.1:::::::*
	cpe:2.3:o:cisco:ios:12.1aa:::::::*
	cpe:2.3:o:cisco:ios:12.1cx:::::::*
	cpe:2.3:o:cisco:ios:12.1da:::::::*
	cpe:2.3:o:cisco:ios:12.1db:::::::*
	cpe:2.3:o:cisco:ios:12.1dc:::::::*
	cpe:2.3:o:cisco:ios:12.1e:::::::*
	cpe:2.3:o:cisco:ios:12.1ec:::::::*
	cpe:2.3:o:cisco:ios:12.1ex:::::::*
	cpe:2.3:o:cisco:ios:12.1ey:::::::*
	cpe:2.3:o:cisco:ios:12.1ez:::::::*
	cpe:2.3:o:cisco:ios:12.1t:::::::*
	cpe:2.3:o:cisco:ios:12.1xa:::::::*
	cpe:2.3:o:cisco:ios:12.1xb:::::::*
	cpe:2.3:o:cisco:ios:12.1xc:::::::*
	cpe:2.3:o:cisco:ios:12.1xd:::::::*
	cpe:2.3:o:cisco:ios:12.1xe:::::::*
	cpe:2.3:o:cisco:ios:12.1xf:::::::*
	cpe:2.3:o:cisco:ios:12.1xg:::::::*
	cpe:2.3:o:cisco:ios:12.1xh:::::::*
	cpe:2.3:o:cisco:ios:12.1xi:::::::*
cpe:2.3:o:cisco:ios:12.1xj:::::::*
cpe:2.3:o:cisco:ios:12.1xk:::::::*
cpe:2.3:o:cisco:ios:12.1xl:::::::*
cpe:2.3:o:cisco:ios:12.1xm:::::::*
cpe:2.3:o:cisco:ios:12.1xp:::::::*
cpe:2.3:o:cisco:ios:12.1xq:::::::*
cpe:2.3:o:cisco:ios:12.1xr:::::::*
cpe:2.3:o:cisco:ios:12.1xs:::::::*
cpe:2.3:o:cisco:ios:12.1xt:::::::*
cpe:2.3:o:cisco:ios:12.1xu:::::::*
cpe:2.3:o:cisco:ios:12.1xv:::::::*
cpe:2.3:o:cisco:ios:12.1xw:::::::*
cpe:2.3:o:cisco:ios:12.1xx:::::::*
cpe:2.3:o:cisco:ios:12.1xy:::::::*
cpe:2.3:o:cisco:ios:12.1xz:::::::*
cpe:2.3:o:cisco:ios:12.1ya:::::::*
cpe:2.3:o:cisco:ios:12.1yb:::::::*
cpe:2.3:o:cisco:ios:12.1yc:::::::*
cpe:2.3:o:cisco:ios:12.1yd:::::::*
cpe:2.3:o:cisco:ios:12.1yf:::::::*
cpe:2.3:o:cisco:ios:12.2:::::::*
cpe:2.3:o:cisco:ios:12.2t:::::::*
cpe:2.3:o:cisco:ios:12.2xa:::::::*
cpe:2.3:o:cisco:ios:12.2xd:::::::*
cpe:2.3:o:cisco:ios:12.2xe:::::::*
cpe:2.3:o:cisco:ios:12.2xh:::::::*
cpe:2.3:o:cisco:ios:12.2xq:::::::*

No data.

References

Link	Providers
http://www.cert.org/advisories/CA-2001-14.html
http://www.ciac.org/ciac/bulletins/l-106.shtml
http://www.cisco.com/warp/public/707/IOS-httplevel-pub.html
http://www.osvdb.org/578
http://www.securityfocus.com/archive/1/1601227034.20010702112207%40olympos.org
http://www.securityfocus.com/archive/1/20010703011650.60515.qmail%40web14910.mail.yahoo.com
http://www.securityfocus.com/archive/1/4.3.2.7.2.20010629095801.0c3e6a70%40brussels.cisco.com
http://www.securityfocus.com/archive/1/Pine.LNX.3.96.1010702134611.22995B-100000%40Lib-Vai.lib.asu.edu
http://www.securityfocus.com/bid/2936
https://exchange.xforce.ibmcloud.com/vulnerabilities/6749

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2002-03-09T05:00:00

Updated: 2024-08-08T04:21:38.680Z

Reserved: 2001-06-28T00:00:00

Link: CVE-2001-0537

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2001-07-21T04:00:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2001-0537

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2001-06-27T00:00:00", "descriptions": [{"lang": "en", "value": "HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2009-03-02T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "CA-2001-14", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.cert.org/advisories/CA-2001-14.html"}, {"name": "20010629 Re: Cisco Security Advisory: IOS HTTP authorization vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/4.3.2.7.2.20010629095801.0c3e6a70%40brussels.cisco.com"}, {"name": "20010627 IOS HTTP authorization vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://www.cisco.com/warp/public/707/IOS-httplevel-pub.html"}, {"name": "20010702 ios-http-auth.sh", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/20010703011650.60515.qmail%40web14910.mail.yahoo.com"}, {"name": "20010702 Cisco IOS HTTP Configuration Exploit", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/1601227034.20010702112207%40olympos.org"}, {"name": "578", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/578"}, {"name": "20010702 Cisco device HTTP exploit...", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/Pine.LNX.3.96.1010702134611.22995B-100000%40Lib-Vai.lib.asu.edu"}, {"name": "L-106", "tags": ["third-party-advisory", "government-resource", "x_refsource_CIAC"], "url": "http://www.ciac.org/ciac/bulletins/l-106.shtml"}, {"name": "2936", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/2936"}, {"name": "cisco-ios-admin-access(6749)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6749"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-0537", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "CA-2001-14", "refsource": "CERT", "url": "http://www.cert.org/advisories/CA-2001-14.html"}, {"name": "20010629 Re: Cisco Security Advisory: IOS HTTP authorization vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/4.3.2.7.2.20010629095801.0c3e6a70@brussels.cisco.com"}, {"name": "20010627 IOS HTTP authorization vulnerability", "refsource": "CISCO", "url": "http://www.cisco.com/warp/public/707/IOS-httplevel-pub.html"}, {"name": "20010702 ios-http-auth.sh", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/20010703011650.60515.qmail@web14910.mail.yahoo.com"}, {"name": "20010702 Cisco IOS HTTP Configuration Exploit", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/1601227034.20010702112207@olympos.org"}, {"name": "578", "refsource": "OSVDB", "url": "http://www.osvdb.org/578"}, {"name": "20010702 Cisco device HTTP exploit...", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/Pine.LNX.3.96.1010702134611.22995B-100000@Lib-Vai.lib.asu.edu"}, {"name": "L-106", "refsource": "CIAC", "url": "http://www.ciac.org/ciac/bulletins/l-106.shtml"}, {"name": "2936", "refsource": "BID", "url": "http://www.securityfocus.com/bid/2936"}, {"name": "cisco-ios-admin-access(6749)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6749"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T04:21:38.680Z"}, "title": "CVE Program Container", "references": [{"name": "CA-2001-14", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.cert.org/advisories/CA-2001-14.html"}, {"name": "20010629 Re: Cisco Security Advisory: IOS HTTP authorization vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/4.3.2.7.2.20010629095801.0c3e6a70%40brussels.cisco.com"}, {"name": "20010627 IOS HTTP authorization vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://www.cisco.com/warp/public/707/IOS-httplevel-pub.html"}, {"name": "20010702 ios-http-auth.sh", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/20010703011650.60515.qmail%40web14910.mail.yahoo.com"}, {"name": "20010702 Cisco IOS HTTP Configuration Exploit", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/1601227034.20010702112207%40olympos.org"}, {"name": "578", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/578"}, {"name": "20010702 Cisco device HTTP exploit...", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/Pine.LNX.3.96.1010702134611.22995B-100000%40Lib-Vai.lib.asu.edu"}, {"name": "L-106", "tags": ["third-party-advisory", "government-resource", "x_refsource_CIAC", "x_transferred"], "url": "http://www.ciac.org/ciac/bulletins/l-106.shtml"}, {"name": "2936", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/2936"}, {"name": "cisco-ios-admin-access(6749)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6749"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-0537", "datePublished": "2002-03-09T05:00:00", "dateReserved": "2001-06-28T00:00:00", "dateUpdated": "2024-08-08T04:21:38.680Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "33CCFFC6-9D26-4C39-AF76-0B8FCDE743CF", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:11.3aa:*:*:*:*:*:*:*", "matchCriteriaId": "D8783C0A-990A-4B79-8BF9-64E425DA585E", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:11.3da:*:*:*:*:*:*:*", "matchCriteriaId": "11B3630E-6ED6-4A8F-8FBC-AA68E81490F2", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:11.3db:*:*:*:*:*:*:*", "matchCriteriaId": "046D8679-38F8-4DC9-82A7-2562DE0495F7", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:11.3ha:*:*:*:*:*:*:*", "matchCriteriaId": "92509012-2DA2-4045-9AE4-4D8681F64D2F", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:11.3ma:*:*:*:*:*:*:*", "matchCriteriaId": "1C993003-8B99-4CFF-8546-888E8C5D8FEC", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:11.3na:*:*:*:*:*:*:*", "matchCriteriaId": "80AEA6F5-907D-493F-AB07-971D13BC1CAD", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:11.3t:*:*:*:*:*:*:*", "matchCriteriaId": "655BB9C1-BA90-452E-A9C8-9B1E15B99650", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:11.3xa:*:*:*:*:*:*:*", "matchCriteriaId": "0A747DB2-A031-470F-8EA5-F37FBE175D18", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "8F86F790-6247-42F2-9487-3D60A2842F52", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.0\\(5\\)xk:*:*:*:*:*:*:*", "matchCriteriaId": "1423776F-1C73-4872-81F6-29C411B6E545", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.0\\(7\\)xk:*:*:*:*:*:*:*", "matchCriteriaId": "5EC5E6E9-E639-424B-963D-2760B2C38D8F", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.0\\(10\\)w5\\(18g\\):*:*:*:*:*:*:*", "matchCriteriaId": "77D178AF-15CB-4352-8193-741F8B49688A", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.0\\(14\\)w5\\(20\\):*:*:*:*:*:*:*", "matchCriteriaId": "4BC109F5-0907-4CDB-90BD-61788921DABC", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.0da:*:*:*:*:*:*:*", "matchCriteriaId": "12434A88-88C6-4749-981F-E2B4D725F48F", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.0db:*:*:*:*:*:*:*", "matchCriteriaId": "4F7CF26C-AEAA-42D7-8136-56E77E73DCB2", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.0dc:*:*:*:*:*:*:*", "matchCriteriaId": "1A4864A2-D6BB-4E2A-9AA4-519EE0732D16", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.0s:*:*:*:*:*:*:*", "matchCriteriaId": "2C398460-3F38-4AA7-A4B1-FD8A01588DB5", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.0sc:*:*:*:*:*:*:*", "matchCriteriaId": "793F494D-F6BD-4B23-92BE-83B9DD9D4A5A", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.0sl:*:*:*:*:*:*:*", "matchCriteriaId": "2B6B0C2F-2FBE-4422-AD30-305100C595CB", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.0st:*:*:*:*:*:*:*", "matchCriteriaId": "DBEA01D2-B985-4575-AF00-144CE2E3024D", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.0t:*:*:*:*:*:*:*", "matchCriteriaId": "CA7F94E8-86FC-456B-A7BB-57953F67F754", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.0wc:*:*:*:*:*:*:*", "matchCriteriaId": "C8B5CC91-144D-4818-871E-E6120A7E1050", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.0wt:*:*:*:*:*:*:*", "matchCriteriaId": "23E5F43E-20DA-4C5C-B8C5-1A5512CA07B5", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.0xa:*:*:*:*:*:*:*", "matchCriteriaId": "1050ACB3-E5B2-4710-910B-F3DF4B49907F", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.0xb:*:*:*:*:*:*:*", "matchCriteriaId": "5ABE71F9-17D4-47C4-A762-18CC8716E477", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.0xc:*:*:*:*:*:*:*", "matchCriteriaId": "7977DA9F-41DE-4482-B0CD-896EEEFB5689", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.0xd:*:*:*:*:*:*:*", "matchCriteriaId": "6D0A8D1D-ED94-4A2E-ACC5-0408C2C9FCFF", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.0xe:*:*:*:*:*:*:*", "matchCriteriaId": "1ADAB898-7728-4C14-B69A-7B8B06AFC894", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.0xf:*:*:*:*:*:*:*", "matchCriteriaId": "DDBE69A0-85B1-423B-88FB-CDA80E9186EE", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.0xg:*:*:*:*:*:*:*", "matchCriteriaId": "C14C28A4-91C1-4AE0-8A14-8E98A569F7B0", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.0xh:*:*:*:*:*:*:*", "matchCriteriaId": "54424787-34AC-410D-985F-511ADB2BB144", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.0xi:*:*:*:*:*:*:*", "matchCriteriaId": "70F54F0C-AC91-4CB7-9FEB-257F03547864", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.0xj:*:*:*:*:*:*:*", "matchCriteriaId": "B6A0D017-F26F-4429-891E-C7E1C66B6588", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.0xl:*:*:*:*:*:*:*", "matchCriteriaId": "9A3DFAEC-4534-4A8D-9886-0723F57C7A63", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.0xm:*:*:*:*:*:*:*", "matchCriteriaId": "E5451772-87D4-42E2-8F48-D137670DA3E5", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.0xn:*:*:*:*:*:*:*", "matchCriteriaId": "D162976F-87A3-42BF-8C9F-A981B14F4673", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.0xp:*:*:*:*:*:*:*", "matchCriteriaId": "E2606209-91BE-4BEB-A163-0D3873A033FA", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.0xq:*:*:*:*:*:*:*", "matchCriteriaId": "43581A57-418A-4A35-ACF2-1380A8DA8A82", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.0xr:*:*:*:*:*:*:*", "matchCriteriaId": "AC17E231-9256-4600-A33B-238E7E83CF85", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.0xs:*:*:*:*:*:*:*", "matchCriteriaId": "7A6D5468-BB6A-4665-964F-D8F636359CCD", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.0xu:*:*:*:*:*:*:*", "matchCriteriaId": "4D0082D5-CE3E-433A-84E9-1311C8B7899A", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.0xv:*:*:*:*:*:*:*", "matchCriteriaId": "00EB78A4-B386-4FCB-A21F-BD2B2EFC9616", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.1:*:*:*:*:*:*:*", "matchCriteriaId": "1F2F9EC5-EDA2-4C99-BBF1-2F2C92AACE95", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.1aa:*:*:*:*:*:*:*", "matchCriteriaId": "BA6FFE33-2891-48E5-9D0C-C52F88B2D76C", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.1cx:*:*:*:*:*:*:*", "matchCriteriaId": "FDEF6AED-4477-4AAC-9759-1996B77DFEE8", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.1da:*:*:*:*:*:*:*", "matchCriteriaId": "C9427851-B0DC-4CE6-8BFA-60619D1DC87C", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.1db:*:*:*:*:*:*:*", "matchCriteriaId": "6D07DD94-0925-4FEE-9565-5F36B9AAF448", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.1dc:*:*:*:*:*:*:*", "matchCriteriaId": "BC3A67F5-05C6-4097-A88E-0A0F165C12EA", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.1e:*:*:*:*:*:*:*", "matchCriteriaId": "7126E176-D739-4102-8F10-1EEB8C6A219D", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.1ec:*:*:*:*:*:*:*", "matchCriteriaId": "46FF39C5-CC37-4573-BB18-36254D38509B", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.1ex:*:*:*:*:*:*:*", "matchCriteriaId": "F4A85892-C3AB-4920-A949-A71BD0332D62", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.1ey:*:*:*:*:*:*:*", "matchCriteriaId": "C6330829-9A7B-479D-B38B-BC64148EC172", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.1ez:*:*:*:*:*:*:*", "matchCriteriaId": "CF9F1E38-3482-4EAC-8654-EBC004B9344B", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.1t:*:*:*:*:*:*:*", "matchCriteriaId": "752C3C6B-910D-4153-A162-DF255F60306B", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.1xa:*:*:*:*:*:*:*", "matchCriteriaId": "C1BBE2FF-5DAE-447A-9C3D-3F48B24AECA2", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.1xb:*:*:*:*:*:*:*", "matchCriteriaId": "297FAD97-60C0-473D-A18D-03657B81B7E0", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.1xc:*:*:*:*:*:*:*", "matchCriteriaId": "2AD4A33B-B13E-40C6-B47F-A406ACC6664F", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.1xd:*:*:*:*:*:*:*", "matchCriteriaId": "0E488E6E-87F0-4292-B97B-31087FDB4655", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.1xe:*:*:*:*:*:*:*", "matchCriteriaId": "0D199CB1-A2A3-4678-9503-C5B61281755C", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.1xf:*:*:*:*:*:*:*", "matchCriteriaId": "D5D743DF-838A-4E7A-A4FC-BB5EB7D93CFC", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.1xg:*:*:*:*:*:*:*", "matchCriteriaId": "19952DC6-1186-4754-BB1E-BA1D78A19C96", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.1xh:*:*:*:*:*:*:*", "matchCriteriaId": "441CB9D6-5EDB-457B-B59E-D48B01AEAF5D", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.1xi:*:*:*:*:*:*:*", "matchCriteriaId": "28097F62-B51F-4A3B-BB31-6FA67E8C8B5A", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.1xj:*:*:*:*:*:*:*", "matchCriteriaId": "80E8AF76-0A1D-4BAE-BF10-D63080352E6E", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.1xk:*:*:*:*:*:*:*", "matchCriteriaId": "8A11AF3F-C82F-4431-9CF1-84FDAD388D04", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.1xl:*:*:*:*:*:*:*", "matchCriteriaId": "3B674647-4438-4450-9DCA-25184D4E2682", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.1xm:*:*:*:*:*:*:*", "matchCriteriaId": "86E5CC41-1344-4A65-A653-8012ACE2CF2D", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.1xp:*:*:*:*:*:*:*", "matchCriteriaId": "71FB7128-CF11-4903-97D7-418403A03CD6", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.1xq:*:*:*:*:*:*:*", "matchCriteriaId": "63EFB20A-78E2-4BA1-B87C-BB74E8982D99", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.1xr:*:*:*:*:*:*:*", "matchCriteriaId": "3A273401-9394-4BC3-879C-DE3EFC09B3F2", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.1xs:*:*:*:*:*:*:*", "matchCriteriaId": "6DABF911-FCDF-4095-A95D-4BB73628FCA3", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.1xt:*:*:*:*:*:*:*", "matchCriteriaId": "77886493-C30E-439E-BBB4-3D34A8938378", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.1xu:*:*:*:*:*:*:*", "matchCriteriaId": "7813F511-CF6D-487F-9D1C-7A6CF85AD724", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.1xv:*:*:*:*:*:*:*", "matchCriteriaId": "677DC4B6-8B3D-4A0D-9934-743FD7494DF6", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.1xw:*:*:*:*:*:*:*", "matchCriteriaId": "E272881F-0804-4190-A21D-3D0B9A774F13", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.1xx:*:*:*:*:*:*:*", "matchCriteriaId": "B12B39FE-3E7B-4D96-8CD4-0D57C50A786A", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.1xy:*:*:*:*:*:*:*", "matchCriteriaId": "F084DA16-24CB-41D1-92B7-C6E0499AAD10", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.1xz:*:*:*:*:*:*:*", "matchCriteriaId": "BA979D75-F60E-45F8-B99C-1402DC8CFCDC", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.1ya:*:*:*:*:*:*:*", "matchCriteriaId": "194F0AB1-92E6-4CE3-A5A1-904BF75F05D0", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.1yb:*:*:*:*:*:*:*", "matchCriteriaId": "884753D4-3AF0-4723-9D51-26BA7B4CA533", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.1yc:*:*:*:*:*:*:*", "matchCriteriaId": "DAF3601D-DF44-4A10-A424-8E97C65A36A5", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.1yd:*:*:*:*:*:*:*", "matchCriteriaId": "BC38BD6C-9823-4D2A-8BE2-60AABE3C4932", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.1yf:*:*:*:*:*:*:*", "matchCriteriaId": "3BB103ED-B170-4193-84CD-4C59F4D6A10A", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "E4BC49F2-3DCB-45F0-9030-13F6415EE178", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.2t:*:*:*:*:*:*:*", "matchCriteriaId": "84900BB3-B49F-448A-9E04-FE423FBCCC4F", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.2xa:*:*:*:*:*:*:*", "matchCriteriaId": "EAC6758B-C6EE-45CB-AC2D-28C4AE709DD4", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.2xd:*:*:*:*:*:*:*", "matchCriteriaId": "4AB8E66C-A16F-4CC5-9FDF-AE274FF035EB", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.2xe:*:*:*:*:*:*:*", "matchCriteriaId": "746DDC61-3981-4E93-A7EE-C120E0265485", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.2xh:*:*:*:*:*:*:*", "matchCriteriaId": "4628FDA0-4260-4493-92C9-4574E5EC06A2", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios:12.2xq:*:*:*:*:*:*:*", "matchCriteriaId": "4B40548F-3914-4227-9E4C-F1B34071C069", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL."}], "id": "CVE-2001-0537", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2001-07-21T04:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Third Party Advisory", "US Government Resource"], "url": "http://www.cert.org/advisories/CA-2001-14.html"}, {"source": "cve@mitre.org", "url": "http://www.ciac.org/ciac/bulletins/l-106.shtml"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://www.cisco.com/warp/public/707/IOS-httplevel-pub.html"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/578"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/1601227034.20010702112207%40olympos.org"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/20010703011650.60515.qmail%40web14910.mail.yahoo.com"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/4.3.2.7.2.20010629095801.0c3e6a70%40brussels.cisco.com"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/Pine.LNX.3.96.1010702134611.22995B-100000%40Lib-Vai.lib.asu.edu"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/2936"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6749"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Third Party Advisory", "US Government Resource"], "url": "http://www.cert.org/advisories/CA-2001-14.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ciac.org/ciac/bulletins/l-106.shtml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://www.cisco.com/warp/public/707/IOS-httplevel-pub.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/578"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/1601227034.20010702112207%40olympos.org"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/20010703011650.60515.qmail%40web14910.mail.yahoo.com"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/4.3.2.7.2.20010629095801.0c3e6a70%40brussels.cisco.com"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/Pine.LNX.3.96.1010702134611.22995B-100000%40Lib-Vai.lib.asu.edu"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/2936"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6749"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object