VYPR
kevPublished Jul 13, 2026· Updated Jul 14, 2026· 2 sources

Cisco: CVE-2008-4128 Added to CISA KEV Under Active Exploitation

Key findings • CVE-2008-4128, a Cisco vulnerability, is now confirmed actively exploited in the wild. • CISA added this flaw to its Known Exploited Vulnerabilities catalog on July 13, 2026. …

Key findings

  • CVE-2008-4128, a Cisco vulnerability, is now confirmed actively exploited in the wild.
  • CISA added this flaw to its Known Exploited Vulnerabilities catalog on July 13, 2026.
  • Federal agencies must remediate CVE-2008-4128 by January 13, 2027.
  • Active exploitation necessitates immediate patching and security updates for all affected systems.

CISA has added CVE-2008-4128, a vulnerability affecting Cisco Systems, Inc. products, to its Known Exploited Vulnerabilities (KEV) catalog. This addition on July 13, 2026, signifies that the flaw is no longer theoretical but has been confirmed to be actively exploited by threat actors in real-world attacks. The inclusion in the KEV catalog serves as a critical alert for all organizations, particularly federal agencies, to prioritize its immediate remediation.

CVE-2008-4128, identified simply by its identifier, represents a significant security risk. While specific details of its exploitation are not publicly disclosed in the KEV entry, its presence in the catalog underscores that adversaries are successfully leveraging this vulnerability to compromise systems. The age of the CVE, dating back to 2008, highlights that even older flaws can remain potent threats if not adequately addressed over time.

The KEV catalog is a definitive list of vulnerabilities that carry significant risk due to their active exploitation. CISA mandates that federal civilian executive branch agencies remediate vulnerabilities on this list within specific deadlines to protect against ongoing threats. For CVE-2008-4128, the remediation due date is set for January 13, 2027, providing a six-month window for compliance.

All organizations, not just federal agencies, are strongly advised to review their environments for any instances of affected Cisco products and apply the necessary patches or mitigations without delay. Proactive vulnerability management, including regular scanning and patching cycles, is essential to prevent exploitation. Prioritizing KEV-listed vulnerabilities is a fundamental step in strengthening an organization's overall cybersecurity posture against known and active threats.

The new article provides further details on CVE-2008-4128, a decades-old cross-site request forgery vulnerability in Cisco IOS versions 12.4(12) and 12.4(4), which CISA has added to its Known Exploited Vulnerabilities Catalog. It elaborates on the technical mechanism, explaining how attackers can exploit the web management functionality to execute arbitrary commands, potentially by leveraging specific URIs or alias commands. The article also notes that while CISA did not identify the threat actor or campaign, the vulnerability is not currently known to be exploited in ransomware attacks, and it emphasizes the need for organizations to review their Cisco IOS assets and apply mitigations.

Synthesized by Vypr AI