← back
CVE-2008-4128

CVE-2008-4128

EPSS 12.0%
Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in Cisco IOS 12.4 on the 871 Integrated Services Router allow remote attackers to execute arbitrary commands via (1) a certain "show privilege" command to the /level/15/exec/- URI, and (2) a certain "alias exec" command to the /level/15/exec/-/configure/http URI. NOTE: some of these details are obtained from third party information.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/6477unverifiedcve_referencewww.exploit-db.com/exploits/6476unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://jbrownsec.blogspot.com/2008/09/cisco-0day-released.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/45226https://www.exploit-db.com/exploits/6476https://www.exploit-db.com/exploits/6477http://www.securityfocus.com/bid/31218