Vulnerability Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in Cisco IOS 12.4 on the 871 Integrated Services Router allow remote attackers to execute arbitrary commands via (1) a certain "show privilege" command to the /level/15/exec/- URI, and (2) a certain "alias exec" command to the /level/15/exec/-/configure/http URI. NOTE: some of these details are obtained from third party information.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Ios | 12.4 |
| Cisco | 871 Integrated Services Router | - |
Related Weaknesses (CWE)
References
- http://jbrownsec.blogspot.com/2008/09/cisco-0day-released.htmlBroken Link
- http://www.securityfocus.com/bid/31218ExploitThird Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45226Third Party AdvisoryVDB Entry
- https://www.exploit-db.com/exploits/6476ExploitThird Party AdvisoryVDB Entry
- https://www.exploit-db.com/exploits/6477ExploitThird Party AdvisoryVDB Entry
- http://jbrownsec.blogspot.com/2008/09/cisco-0day-released.htmlBroken Link
- http://www.securityfocus.com/bid/31218ExploitThird Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45226Third Party AdvisoryVDB Entry
- https://www.exploit-db.com/exploits/6476ExploitThird Party AdvisoryVDB Entry
- https://www.exploit-db.com/exploits/6477ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2008-4128?
CVE-2008-4128 is a vulnerability with a CVSS score of 9.3 (HIGH). Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in Cisco IOS 12.4 on the 871 Integrated Services Router allow remote attackers to execute arbitrary comm...
How severe is CVE-2008-4128?
CVE-2008-4128 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-4128?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios, Cisco 871 Integrated Services Router.