Cisco IOS HTTP access level authentication bypass

Added: 12/23/2010
CVE: CVE-2001-0537
BID: 2936
OSVDB: 578

Background

The Cisco Internetwork Operating System (IOS) is the operating system used by Cisco routers.

Problem

A remote attacker could execute arbitrary commands at the highest privilege level (level 15) without needing to authenticate by requesting a URL of the form http://target/level/xx/exec/command, where xx is some number between 16 and 99.

Resolution

Apply the fix referenced in cisco-sa-20010627-ios-http-level. Alternatively, disable the HTTP interface or use TACACS+ or Radius for authentication.

References

http://www.cert.org/advisories/CA-2001-14.html

Limitations

Exploit works on Cisco IOS 11.3 through 12.2.

The target must have the HTTP interface enabled and be using local authentication in order for the exploit to succeed.

Platforms

Cisco

Back to exploit index