CVE-2001-0537 - Improper Authentication

Severity

93%

Complexity

86%

Confidentiality

165%

HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.

HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.

CVSS 2.0 Base Score 9.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C).

Demo Examples

Improper Authentication

CWE-287

The following code intends to ensure that the user is already logged in. If not, the code performs authentication with the user-provided username and password. If successful, it sets the loggedin and user cookies to "remember" that the user has already logged in. Finally, the code performs administrator tasks if the logged-in user has the "Administrator" username, as recorded in the user cookie.


               
}

                     
}
ExitError("Error: you need to log in first");

                           

                              
);
);
DoAdministratorTasks();

Unfortunately, this code can be bypassed. The attacker can set the cookies independently so that the code does not check the username and password. The attacker could do this with an HTTP request containing headers such as:


               
[body of request]

By setting the loggedin cookie to "true", the attacker bypasses the entire authentication check. By using the "Administrator" value in the user cookie, the attacker also gains privileges to administer the software.

Improper Authentication

CWE-287

Overview

Type

Cisco IOS

First reported 23 years ago

2001-07-21 04:00:00

Last updated 7 years ago

2017-10-10 01:29:00

Affected Software

Cisco IOS 11.3

11.3

Cisco IOS 11.3AA

11.3aa

Cisco IOS 11.3 DA

11.3da

Cisco IOS 11.3DB

11.3db

Cisco IOS 11.3 HA

11.3ha

Cisco IOS 11.3 MA

11.3ma

Cisco IOS 11.3 NA

11.3na

Cisco IOS 11.3T

11.3t

Cisco IOS 11.3 XA

11.3xa

Cisco IOS 12.0

12.0

Cisco IOS 12.0 (5)XK

12.0\(5\)xk

Cisco IOS 12.0 (7)XK

12.0\(7\)xk

Cisco IOS 12.0 (10)W5(18g)

12.0\(10\)w5\(18g\)

Cisco IOS 12.0 (14)W5(20)

12.0\(14\)w5\(20\)

Cisco IOS 12.0DA

12.0da

Cisco IOS 12.0DB

12.0db

Cisco IOS 12.0DC

12.0dc

Cisco IOS 12.0S

12.0s

Cisco IOS 12.0SC

12.0sc

Cisco IOS 12.0SL

12.0sl

Cisco IOS 12.0ST

12.0st

Cisco IOS 12.0T

12.0t

Cisco IOS 12.0WC

12.0wc

Cisco IOS 12.0WT

12.0wt

Cisco IOS 12.0XA

12.0xa

Cisco IOS 12.0XB

12.0xb

Cisco IOS 12.0XC

12.0xc

Cisco IOS 12.0XD

12.0xd

Cisco IOS 12.0XE

12.0xe

Cisco IOS 12.0XF

12.0xf

Cisco IOS 12.0XG

12.0xg

Cisco IOS 12.0XH

12.0xh

Cisco IOS 12.0XI

12.0xi

Cisco IOS 12.0XJ

12.0xj

Cisco IOS 12.0XL

12.0xl

Cisco IOS 12.0XM

12.0xm

Cisco IOS 12.0XN

12.0xn

Cisco IOS 12.0XP

12.0xp

Cisco IOS 12.0XQ

12.0xq

Cisco IOS 12.0XR

12.0xr

Cisco IOS 12.0XS

12.0xs

Cisco IOS 12.0XU

12.0xu

Cisco IOS 12.0Xv

12.0xv

Cisco IOS 12.1

12.1

Cisco IOS 12.1AA

12.1aa

Cisco IOS 12.1CX

12.1cx

Cisco IOS 12.1DA

12.1da

Cisco IOS 12.1DB

12.1db

Cisco IOS 12.1DC

12.1dc

Cisco IOS 12.1E

12.1e

Cisco IOS 12.1EC

12.1ec

Cisco IOS 12.1EX

12.1ex

Cisco IOS 12.1EY

12.1ey

Cisco IOS 12.1EZ

12.1ez

Cisco IOS 12.1T

12.1t

Cisco IOS 12.1XA

12.1xa

Cisco IOS 12.1XB

12.1xb

Cisco IOS 12.1XC

12.1xc

Cisco IOS 12.1XD

12.1xd

Cisco IOS 12.1XE

12.1xe

Cisco IOS 12.1XF

12.1xf

Cisco IOS 12.1XG

12.1xg

Cisco IOS 12.1XH

12.1xh

Cisco IOS 12.1XI

12.1xi

Cisco IOS 12.1XJ

12.1xj

Cisco IOS 12.1XK

12.1xk

Cisco IOS 12.1XL

12.1xl

Cisco IOS 12.1XM

12.1xm

Cisco IOS 12.1XP

12.1xp

Cisco IOS 12.1XQ

12.1xq

Cisco IOS 12.1XR

12.1xr

Cisco IOS 12.1XS

12.1xs

Cisco IOS 12.1XT

12.1xt

Cisco IOS 12.1XU

12.1xu

Cisco IOS 12.1XV

12.1xv

Cisco IOS 12.1XW

12.1xw

Cisco IOS 12.1XX

12.1xx

Cisco IOS 12.1XY

12.1xy

Cisco IOS 12.1XZ

12.1xz

Cisco IOS 12.1YA

12.1ya

Cisco IOS 12.1YB

12.1yb

Cisco IOS 12.1YC

12.1yc

Cisco IOS 12.1YD

12.1yd

Cisco IOS 12.1YF

12.1yf

Cisco IOS 12.2

12.2

Cisco IOS 12.2T

12.2t

Cisco IOS 12.2XA

12.2xa

Cisco IOS 12.2XD

12.2xd

Cisco IOS 12.2XE

12.2xe

Cisco IOS 12.2XH

12.2xh

Cisco IOS 12.2XQ

12.2xq

References

CA-2001-14

Exploit, Patch, Third Party Advisory, US Government Resource

L-106

20010627 IOS HTTP authorization vulnerability

Exploit, Patch, Vendor Advisory

578

20010702 Cisco IOS HTTP Configuration Exploit

20010702 ios-http-auth.sh

20010629 Re: Cisco Security Advisory: IOS HTTP authorization vulnerability

20010702 Cisco device HTTP exploit...

2936

Exploit, Patch, Vendor Advisory

cisco-ios-admin-access(6749)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.