cvedb.io
CVE-2008-4128
MEDIUM · CVSS 4.3 ⚠ KEV — EXPLOITED
EPSS exploitation probability: 0%
⚠ Listed in the CISA Known Exploited Vulnerabilities catalog — actively exploited.
Published 2008-09-18T20:00:00.530 · Last modified 2026-07-13T19:12:50.570

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in Cisco IOS 12.4 on the 871 Integrated Services Router allow remote attackers to execute arbitrary commands via (1) a certain "show privilege" command to the /level/15/exec/- URI, and (2) a certain "alias exec" command to the /level/15/exec/-/configure/http URI. NOTE: some of these details are obtained from third party information.

Affected products

Cisco — IOS

Does this affect you?

Add your gear to cvedb and we'll alert you only when Cisco ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.