Home

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in Cisco IOS 12.4 on the 871 Integrated Services Router allow remote attackers to execute arbitrary commands via (1) a certain "show privilege" command to the /level/15/exec/- URI, and (2) a certain "alias exec" command to the /level/15/exec/-/configure/http URI. NOTE: some of these details are obtained from third party information.

PUBLISHED Reserved 2008-09-18 | Published 2008-09-18 | Updated 2026-07-13 | Assigner mitre

CISA Known Exploited Vulnerability

Date added 2026-07-13 | Due date 2026-07-16

Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.

References

www.exploit-db.com/exploits/6476 (6476) exploit

exchange.xforce.ibmcloud.com/vulnerabilities/45226 (cisco-router-csrf(45226)) vdb-entry

jbrownsec.blogspot.com/2008/09/cisco-0day-released.html

www.exploit-db.com/exploits/6477 (6477) exploit

www.securityfocus.com/bid/31218 (31218) vdb-entry

media.defense.gov/.../-1/-1/1/CSA_IMPROVE_ROUTER_HYGIENE.PDF third-party-advisory

www.cisco.com/...co-ios-software-releases-12-4-mainline.html mitigation

www.cisa.gov/...nerabilities-catalog?field_cve=CVE-2008-4128 government-resource

www.exploit-db.com/exploits/6476 (6476) exploit

exchange.xforce.ibmcloud.com/vulnerabilities/45226 (cisco-router-csrf(45226)) vdb-entry

jbrownsec.blogspot.com/2008/09/cisco-0day-released.html

www.exploit-db.com/exploits/6477 (6477) exploit

www.securityfocus.com/bid/31218 (31218) vdb-entry

cve.org (CVE-2008-4128)

nvd.nist.gov (CVE-2008-4128)

Download JSON