Vulnerability Details CVE-2008-4128
Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in Cisco IOS 12.4 on the 871 Integrated Services Router allow remote attackers to execute arbitrary commands via (1) a certain "show privilege" command to the /level/15/exec/- URI, and (2) a certain "alias exec" command to the /level/15/exec/-/configure/http URI. NOTE: some of these details are obtained from third party information.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.12
EPSS Ranking 95.6%
CVSS Severity
CVSS v3 Score 4.3
CVSS v2 Score 9.3
Proposed Action
Cisco IOS 12.4 contains multiple cross-site forgery vulnerabilities that allows remote attackers to execute arbitrary commands via (1) a certain "show privilege" command to the /level/15/exec/- URI, and (2) a certain "alias exec" command to the /level/15/exec/-/configure/http URI.
Ransomware Campaign
Unknown
Products affected by CVE-2008-4128
-
cpe:2.3:h:cisco:871_integrated_services_router:-
-