CVSS2: 9.3 High
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 0.877 High
Percentile: 98.7%
Added: 12/23/2010
CVE: CVE-2001-0537
BID: 2936
OSVDB: 578
The Cisco Internetwork Operating System (IOS) is the operating system used by Cisco routers.
A remote attacker could execute arbitrary commands at the highest privilege level (level 15) without authenticating by requesting a URL of the form **http://_target_/level/_xx_/exec/_command_**, where _xx_ is some number between 16 and 99.
Apply the fix referenced in cisco-sa-20010627-ios-http-level. Alternatively, disable the HTTP interface or use TACACS+ or RADIUS for authentication.
<http://www.cert.org/advisories/CA-2001-14.html>
Exploit works on Cisco IOS 11.3 through 12.2.
The target must have the HTTP interface enabled and be using local authentication in order for the exploit to succeed.
Cisco
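
Added example, not part of the original advisory: a Python check that flags HTTP requests matching the URL form described above with a level between 16 and 99. The log layout (Common Log Format-style lines from a proxy or sensor in front of the device), the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# URL form from the advisory: /level/<xx>/exec/<command>
LEVEL_EXEC = re.compile(r"^/+level/+(\d+)/+exec(?:/|$)", re.IGNORECASE)
# Assumed log layout: Common Log Format-style lines from a proxy or sensor.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def bypass_level(target):
    """Return the level if target matches the advisory's URL form with
    16 <= level <= 99, else None."""
    # Drop scheme://host (absolute-form requests) and any query string.
    target = re.sub(r"^[a-z]+://[^/]*", "", target, flags=re.IGNORECASE)
    path = target.split("?", 1)[0]
    # Conservative normalisation (assumption): decode percent-escapes twice;
    # the pattern also ignores case and repeated slashes.
    path = unquote(unquote(path))
    m = LEVEL_EXEC.match(path)
    if not m:
        return None
    level = int(m.group(1))
    return level if 16 <= level <= 99 else None

def scan(lines):
    """Return (source, level, status) for every flagged request line."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # unparseable line: skipped, not flagged
        src, target, status = m.groups()
        level = bypass_level(target)
        if level is not None:
            hits.append((src, level, int(status)))
    return hits

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /level/15/exec/show/version HTTP/1.0" 401 0',
    '198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "GET /level/16/exec/show/version HTTP/1.0" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:05:00 +0000] "GET /level/%39%39/exec/show/version HTTP/1.0" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:05:01 +0000] "GET /level/100/exec/show/version HTTP/1.0" 404 0',
    '203.0.113.9 - - [01/Jan/2024:10:05:02 +0000] "GET /index.html HTTP/1.0" 200 10',
]

if __name__ == "__main__":
    for src, level, status in scan(SAMPLE):
        print(f"{src} requested level {level} exec URL, status {status}")
```

A flagged request that was answered with a 2xx status is the one to triage first.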