CVE-2001-0537

EXPLOITED NUCLEI

Cisco IOS - Authentication Bypass

Title source: rule

Description

HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.

Exploits (6)

vulncheck_xdb WORKING POC
remote
https://github.com/threat9/routersploit
exploitdb WORKING POC VERIFIED
by blackangels · perl · remote · hardware
https://www.exploit-db.com/exploits/20978
exploitdb SCANNER VERIFIED
by hypoclear · perl · remote · hardware
https://www.exploit-db.com/exploits/20977
exploitdb SCANNER VERIFIED
by cronos · perl · remote · hardware
https://www.exploit-db.com/exploits/20975
exploitdb WORKING POC VERIFIED
by Eliel C. Sardanons · c · remote · hardware
https://www.exploit-db.com/exploits/20976
metasploit WORKING POC
by aushack, hdm · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/cisco_ios_auth_bypass.rb

Nuclei Templates (1)

Cisco IOS HTTP Configuration - Authentication Bypass
CRITICAL · VERIFIED · by DhiyaneshDK
Shodan: product:"Cisco IOS http config" && 200 || product:"cisco ios http config" || cpe:"cpe:2.3:o:cisco:ios"

Scores

EPSS 0.9377
EPSS Percentile 99.8%

Exploitation Intel

VulnCheck KEV 2023-11-15

Classification

CWE
CWE-287
Status draft

Affected Products (50)

cisco/ios (15 entries)
... and 35 more

Timeline

Published Jul 21, 2001
Tracked Since Feb 18, 2026