CVE-2001-0537
HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- June 28, 2001
- Published Date
- March 09, 2002
- Last Updated
- August 08, 2024
- Vendor
- Cisco
- Product
- IOS
- Description
- HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.
- Tags
- Score
- 93.02% (Percentile: 99.77%) as of 2025-06-02
- Exploited in the Wild
- Yes (added 2025-05-05 00:00:00 UTC) Source
ios
nuclei_scanner
edge
CVSS Scores
CVSS v2.0
9.3
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS Score
Exploit Status
References
http://www.cert.org/advisories/CA-2001-14.html
http://www.securityfocus.com/archive/1/4.3.2.7.2.20010629095801.0c3e6a70%40brussels.cisco.com
http://www.cisco.com/warp/public/707/IOS-httplevel-pub.html
http://www.securityfocus.com/archive/1/20010703011650.60515.qmail%40web14910.mail.yahoo.com
http://www.securityfocus.com/archive/1/1601227034.20010702112207%40olympos.org
http://www.osvdb.org/578
http://www.securityfocus.com/archive/1/Pine.LNX.3.96.1010702134611.22995B-100000%40Lib-Vai.lib.asu.edu
http://www.ciac.org/ciac/bulletins/l-106.shtml
http://www.securityfocus.com/bid/2936
https://exchange.xforce.ibmcloud.com/vulnerabilities/6749
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| The Shadowserver (via CIRCL) | 2025-05-05 00:00:00 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2001/CVE-2001-0537.yaml | 2025-04-26 00:00:00 UTC |
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Detected by Nuclei
-
Added to KEVIntel