The Cisco Internetwork Operating System (IOS) is the operating system used by Cisco routers.
A remote attacker could execute arbitrary commands at the highest privilege level (level 15) without needing to authenticate by requesting a URL of the form
**http://_target_/level/_xx_/exec/_command_**, where xx is some number between 16 and 99.
Apply the fix referenced in cisco-sa-20010627-ios-http-level. Alternatively, disable the HTTP interface or use TACACS+ or Radius for authentication.
Exploit works on Cisco IOS 11.3 through 12.2.
The target must have the HTTP interface enabled and be using local authentication in order for the exploit to succeed.