This script is (C) 2010-2015 Tenable Network Security, Inc.
The remote device is missing a vendor-supplied security patch.
When the HTTP server is enabled and local authorization is used, it is
possible, under some circumstances, to bypass the authentication and
execute any command on the device. In that case, the user will be able
to exercise complete control over the device. All commands will be
executed with the highest privilege (level 15).
All releases of Cisco IOS software, starting with release 11.3 and
later, are vulnerable. Virtually all mainstream Cisco routers and
switches running Cisco IOS software are affected by this vulnerability.
Products that are not running Cisco IOS software are not vulnerable.
The workaround for this vulnerability is to disable HTTP server on the
router or to use Terminal Access Controller Access Control System
(TACACS+) or Radius for authentication.
See also :
Apply the relevant patch referenced in Cisco Security Advisory
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : true
Nessus Plugin ID: 48956 (cisco-sa-20010627-ios-http-levelhttp.nasl)
Bugtraq ID: 2936
CVE ID: CVE-2001-0537
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.