Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2008-4128
Analyzed
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-18 Sep, 2008 | 20:00
Updated At-22 May, 2023 | 17:08

Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in Cisco IOS 12.4 on the 871 Integrated Services Router allow remote attackers to execute arbitrary commands via (1) a certain "show privilege" command to the /level/15/exec/- URI, and (2) a certain "alias exec" command to the /level/15/exec/-/configure/http URI. NOTE: some of these details are obtained from third party information.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.09.3HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
CPE Matches
Cisco Systems, Inc.
cisco
>>ios>>12.4
cpe:2.3:o:cisco:ios:12.4:*:*:*:*:*:*:*
Cisco Systems, Inc.
cisco
>>871_integrated_services_router>>-
cpe:2.3:h:cisco:871_integrated_services_router:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-352Primarynvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://jbrownsec.blogspot.com/2008/09/cisco-0day-released.htmlcve@mitre.org
Broken Link
http://www.securityfocus.com/bid/31218cve@mitre.org
Exploit
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/45226cve@mitre.org
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/6476cve@mitre.org
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/6477cve@mitre.org
Exploit
Third Party Advisory
VDB Entry
Change History
0Changes found
Details not found