.. / CVE-2001-0537

Exploit for Cisco IOS 11.3 to 12.2 - Authentication Bypass (CVE-2001-0537)

Description:

HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.

Affected Products:

Cisco IOS 11.3 to 12.2

Proof of Concept

PoC exploits

https://www.rapid7.com/db/modules/auxiliary/scanner/http/cisco_ios_auth_bypass/

Nuclei Template

View the template here CVE-2001-0537.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2001/CVE-2001-0537.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2001-0537
http://www.ciac.org/ciac/bulletins/l-106.shtml
https://exchange.xforce.ibmcloud.com/vulnerabilities/6749
https://www.rapid7.com/db/modules/auxiliary/scanner/http/cisco_ios_auth_bypass
https://github.com/ARPSyndicate/cvemon

.. / CVE-2001-0537 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }