Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-4128: Cross-Site Request Forgery in Cisco IOS

Severity: 9.3 CRITICAL (NVD)
EPSS: 2.3% (top 15.23%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline
Published: Sep 18
Latest update: May 2

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in Cisco IOS 12.4 on the 871 Integrated Services Router allow remote attackers to execute arbitrary commands via (1) a certain "show privilege" command to the /level/15/exec/- URI, and (2) a certain "alias exec" command to the /level/15/exec/-/configure/http URI. NOTE: some of these details are obtained from third party information.

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0

Affected Packages (1 package)

NVD: cisco/ios 12.4

🔴 Vulnerability Details (2)

GHSA
GHSA-6977-wjv6-r929: Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in Cisco IOS 12, 2022-05-02
CVEList
CVE-2008-4128: Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in Cisco IOS 12, 2008-09-18

💥 Exploits & PoCs (1)

Exploit-DB
Cisco Router - HTTP Administration Cross-Site Request Forgery / Command Execution (1), 2008-09-17