HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.
Weakness
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ios | Cisco | 11.3 (including) | 11.3 (including) |
| Ios | Cisco | 11.3aa (including) | 11.3aa (including) |
| Ios | Cisco | 11.3da (including) | 11.3da (including) |
| Ios | Cisco | 11.3db (including) | 11.3db (including) |
| Ios | Cisco | 11.3ha (including) | 11.3ha (including) |
| Ios | Cisco | 11.3ma (including) | 11.3ma (including) |
| Ios | Cisco | 11.3na (including) | 11.3na (including) |
| Ios | Cisco | 11.3t (including) | 11.3t (including) |
| Ios | Cisco | 11.3xa (including) | 11.3xa (including) |
| Ios | Cisco | 12.0 (including) | 12.0 (including) |
| Ios | Cisco | 12.0(5)xk (including) | 12.0(5)xk (including) |
| Ios | Cisco | 12.0(7)xk (including) | 12.0(7)xk (including) |
| Ios | Cisco | 12.0(10)w5(18g) (including) | 12.0(10)w5(18g) (including) |
| Ios | Cisco | 12.0(14)w5(20) (including) | 12.0(14)w5(20) (including) |
| Ios | Cisco | 12.0da (including) | 12.0da (including) |
| Ios | Cisco | 12.0db (including) | 12.0db (including) |
| Ios | Cisco | 12.0dc (including) | 12.0dc (including) |
| Ios | Cisco | 12.0s (including) | 12.0s (including) |
| Ios | Cisco | 12.0sc (including) | 12.0sc (including) |
| Ios | Cisco | 12.0sl (including) | 12.0sl (including) |
| Ios | Cisco | 12.0st (including) | 12.0st (including) |
| Ios | Cisco | 12.0t (including) | 12.0t (including) |
| Ios | Cisco | 12.0wc (including) | 12.0wc (including) |
| Ios | Cisco | 12.0wt (including) | 12.0wt (including) |
| Ios | Cisco | 12.0xa (including) | 12.0xa (including) |
| Ios | Cisco | 12.0xb (including) | 12.0xb (including) |
| Ios | Cisco | 12.0xc (including) | 12.0xc (including) |
| Ios | Cisco | 12.0xd (including) | 12.0xd (including) |
| Ios | Cisco | 12.0xe (including) | 12.0xe (including) |
| Ios | Cisco | 12.0xf (including) | 12.0xf (including) |
| Ios | Cisco | 12.0xg (including) | 12.0xg (including) |
| Ios | Cisco | 12.0xh (including) | 12.0xh (including) |
| Ios | Cisco | 12.0xi (including) | 12.0xi (including) |
| Ios | Cisco | 12.0xj (including) | 12.0xj (including) |
| Ios | Cisco | 12.0xl (including) | 12.0xl (including) |
| Ios | Cisco | 12.0xm (including) | 12.0xm (including) |
| Ios | Cisco | 12.0xn (including) | 12.0xn (including) |
| Ios | Cisco | 12.0xp (including) | 12.0xp (including) |
| Ios | Cisco | 12.0xq (including) | 12.0xq (including) |
| Ios | Cisco | 12.0xr (including) | 12.0xr (including) |
| Ios | Cisco | 12.0xs (including) | 12.0xs (including) |
| Ios | Cisco | 12.0xu (including) | 12.0xu (including) |
| Ios | Cisco | 12.0xv (including) | 12.0xv (including) |
| Ios | Cisco | 12.1 (including) | 12.1 (including) |
| Ios | Cisco | 12.1aa (including) | 12.1aa (including) |
| Ios | Cisco | 12.1cx (including) | 12.1cx (including) |
| Ios | Cisco | 12.1da (including) | 12.1da (including) |
| Ios | Cisco | 12.1db (including) | 12.1db (including) |
| Ios | Cisco | 12.1dc (including) | 12.1dc (including) |
| Ios | Cisco | 12.1e (including) | 12.1e (including) |
| Ios | Cisco | 12.1ec (including) | 12.1ec (including) |
| Ios | Cisco | 12.1ex (including) | 12.1ex (including) |
| Ios | Cisco | 12.1ey (including) | 12.1ey (including) |
| Ios | Cisco | 12.1ez (including) | 12.1ez (including) |
| Ios | Cisco | 12.1t (including) | 12.1t (including) |
| Ios | Cisco | 12.1xa (including) | 12.1xa (including) |
| Ios | Cisco | 12.1xb (including) | 12.1xb (including) |
| Ios | Cisco | 12.1xc (including) | 12.1xc (including) |
| Ios | Cisco | 12.1xd (including) | 12.1xd (including) |
| Ios | Cisco | 12.1xe (including) | 12.1xe (including) |
| Ios | Cisco | 12.1xf (including) | 12.1xf (including) |
| Ios | Cisco | 12.1xg (including) | 12.1xg (including) |
| Ios | Cisco | 12.1xh (including) | 12.1xh (including) |
| Ios | Cisco | 12.1xi (including) | 12.1xi (including) |
| Ios | Cisco | 12.1xj (including) | 12.1xj (including) |
| Ios | Cisco | 12.1xk (including) | 12.1xk (including) |
| Ios | Cisco | 12.1xl (including) | 12.1xl (including) |
| Ios | Cisco | 12.1xm (including) | 12.1xm (including) |
| Ios | Cisco | 12.1xp (including) | 12.1xp (including) |
| Ios | Cisco | 12.1xq (including) | 12.1xq (including) |
| Ios | Cisco | 12.1xr (including) | 12.1xr (including) |
| Ios | Cisco | 12.1xs (including) | 12.1xs (including) |
| Ios | Cisco | 12.1xt (including) | 12.1xt (including) |
| Ios | Cisco | 12.1xu (including) | 12.1xu (including) |
| Ios | Cisco | 12.1xv (including) | 12.1xv (including) |
| Ios | Cisco | 12.1xw (including) | 12.1xw (including) |
| Ios | Cisco | 12.1xx (including) | 12.1xx (including) |
| Ios | Cisco | 12.1xy (including) | 12.1xy (including) |
| Ios | Cisco | 12.1xz (including) | 12.1xz (including) |
| Ios | Cisco | 12.1ya (including) | 12.1ya (including) |
| Ios | Cisco | 12.1yb (including) | 12.1yb (including) |
| Ios | Cisco | 12.1yc (including) | 12.1yc (including) |
| Ios | Cisco | 12.1yd (including) | 12.1yd (including) |
| Ios | Cisco | 12.1yf (including) | 12.1yf (including) |
| Ios | Cisco | 12.2 (including) | 12.2 (including) |
| Ios | Cisco | 12.2t (including) | 12.2t (including) |
| Ios | Cisco | 12.2xa (including) | 12.2xa (including) |
| Ios | Cisco | 12.2xd (including) | 12.2xd (including) |
| Ios | Cisco | 12.2xe (including) | 12.2xe (including) |
| Ios | Cisco | 12.2xh (including) | 12.2xh (including) |
| Ios | Cisco | 12.2xq (including) | 12.2xq (including) |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/114.html
- https://cwe.mitre.org/data/definitions/115.html
- https://cwe.mitre.org/data/definitions/151.html
- https://cwe.mitre.org/data/definitions/194.html
- https://cwe.mitre.org/data/definitions/22.html
- https://cwe.mitre.org/data/definitions/57.html
- https://cwe.mitre.org/data/definitions/593.html
- https://cwe.mitre.org/data/definitions/633.html
- https://cwe.mitre.org/data/definitions/650.html
- https://cwe.mitre.org/data/definitions/94.html
References
- http://www.cert.org/advisories/CA-2001-14.html
- http://www.ciac.org/ciac/bulletins/l-106.shtml
- http://www.cisco.com/warp/public/707/IOS-httplevel-pub.html
- http://www.osvdb.org/578
- http://www.securityfocus.com/archive/1/1601227034.20010702112207%40olympos.org
- http://www.securityfocus.com/archive/1/20010703011650.60515.qmail%40web14910.mail.yahoo.com
- http://www.securityfocus.com/archive/1/4.3.2.7.2.20010629095801.0c3e6a70%40brussels.cisco.com
- http://www.securityfocus.com/archive/1/Pine.LNX.3.96.1010702134611.22995B-100000%40Lib-Vai.lib.asu.edu
- http://www.securityfocus.com/bid/2936
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6749
- http://www.cert.org/advisories/CA-2001-14.html
- http://www.ciac.org/ciac/bulletins/l-106.shtml
- http://www.cisco.com/warp/public/707/IOS-httplevel-pub.html
- http://www.osvdb.org/578
- http://www.securityfocus.com/archive/1/1601227034.20010702112207%40olympos.org
- http://www.securityfocus.com/archive/1/20010703011650.60515.qmail%40web14910.mail.yahoo.com
- http://www.securityfocus.com/archive/1/4.3.2.7.2.20010629095801.0c3e6a70%40brussels.cisco.com
- http://www.securityfocus.com/archive/1/Pine.LNX.3.96.1010702134611.22995B-100000%40Lib-Vai.lib.asu.edu
- http://www.securityfocus.com/bid/2936
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6749