Unrated severityNVD Advisory· Published Sep 18, 2008· Updated Jun 16, 2026
CVE-2008-4128
CVE-2008-4128
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in Cisco IOS 12.4 on the 871 Integrated Services Router allow remote attackers to execute arbitrary commands via (1) a certain "show privilege" command to the /level/15/exec/- URI, and (2) a certain "alias exec" command to the /level/15/exec/-/configure/http URI. NOTE: some of these details are obtained from third party information.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:o:cisco:ios:12.4:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:cisco:ios:12.4:*:*:*:*:*:*:*
- (no CPE)range: 12.4
- Range: 12.4
Patches
Vulnerability mechanics
References
5- www.securityfocus.com/bid/31218nvdExploitThird Party AdvisoryVDB Entry
- www.exploit-db.com/exploits/6476nvdExploitThird Party AdvisoryVDB Entry
- www.exploit-db.com/exploits/6477nvdExploitThird Party AdvisoryVDB Entry
- exchange.xforce.ibmcloud.com/vulnerabilities/45226nvdThird Party AdvisoryVDB Entry
- jbrownsec.blogspot.com/2008/09/cisco-0day-released.htmlnvdBroken Link
News mentions
0No linked articles in our index yet.