PT-2001-1740 · Cisco · Cisco Ios
Published
2001-07-21
·
Updated
2017-10-10
·
CVE-2001-0537
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
Cisco IOS versions 11.3 through 12.2
Description:
The issue allows attackers to bypass authentication and execute arbitrary commands when local authorization is being used. This can be achieved by specifying a high access level in the URL.
Recommendations:
For versions 11.3 through 12.2, consider restricting access to the HTTP server until a fix is available. As a temporary workaround, limit the use of local authorization to minimize the risk of exploitation.
Exploit
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cisco Ios