Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-0537: Improper Authentication in Cisco IOS

Severity: 9.3 CRITICAL (NVD)
EPSS: 93.8% (top 0.14%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline: Published Jul 21; Latest update Apr 30

Description

HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0

Affected Packages (1 package)

NVD: cisco/ios (91 versions)

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-3m99-vrqx-m6h7: HTTP server for Cisco IOS 11 (2022-04-30)
VulnCheck: Cisco IOS Software Improper Authentication (2001)

💥 Exploits & PoCs (6)

Exploit-DB: Cisco IOS 11.x/12.x - HTTP Configuration Arbitrary Administrative Access (4) (2001-06-27)
Exploit-DB: Cisco IOS 11.x/12.x - HTTP Configuration Arbitrary Administrative Access (2) (2001-06-27)
Exploit-DB: Cisco IOS 11.x/12.x - HTTP Configuration Arbitrary Administrative Access (1) (2001-06-27)
Exploit-DB: Cisco IOS 11.x/12.x - HTTP Configuration Arbitrary Administrative Access (3) (2001-03-07)
Metasploit: Cisco IOS HTTP Unauthorized Administrative Access

📋 Vendor Advisories (2)

Cisco: IOS HTTP Authorization Vulnerability (2001-06-27)
Cisco: IOS HTTP Authorization Vulnerability