Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2001-0537 PoC — Cisco IOS Web配置接口安全认证可被绕过漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2001/CVE-2001-0537.yaml
Associated Vulnerability
Title:Cisco IOS Web配置接口安全认证可被绕过漏洞 (CVE-2001-0537)
Description:IOS是Cisco公司开发的路由器固件。IOS支持很多Cisoco设备(包括路由器和交换机)。 在Cisco IOS 11.3开始的版本存在一个安全问题,如果它开放了Web管理接口,将允许任意远程攻击者获取该设备的完全的管理权限。 攻击者只需要构造一个如下的URL: http://<device_addres>/level/xx/exec/.... 这里的xx是一个从16-99之间的整数。对于不同的设备,这个数值可能是不同的,但是攻击者仅需要测试84次即可找到正确的数值。 这个问题可能导致远程用户获取完全
Description
HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.
File Snapshot

 id: CVE-2001-0537

info:
  name: Cisco IOS HTTP Configuration - Authentication Bypass
  author: Dhiy

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.