CVE-2008-4128

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2008-4128
Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in Cisco IOS 12.4 on the 871 Integrated Services Router allow remote attackers to execute arbitrary commands via (1) a certain "show privilege" command to the /level/15/exec/- URI, and (2) a certain "alias exec" command to the /level/15/exec/-/configure/http URI. NOTE: some of these details are obtained from third party information.

9.3 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://jbrownsec.blogspot.com/2008/09/cisco-0day-released.html Broken Link
http://www.securityfocus.com/bid/31218 Exploit Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/45226 Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/6476 Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/6477 Exploit Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:cisco:ios:12.4:*:*:*:*:*:*:*
cpe:2.3:h:cisco:871_integrated_services_router:-:*:*:*:*:*:*:*
History

22 May 2023, 17:08

Type Values Removed Values Added
First Time Cisco 871 Integrated Services Router
CPE cpe:2.3:h:cisco:integrated_services_router_871:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:871_integrated_services_router:-:*:*:*:*:*:*:*

23 May 2022, 16:25

Type Values Removed Values Added
First Time Cisco integrated Services Router 871
CPE cpe:2.3:h:cisco:ios:12.4:*:*:*:*:*:*:*
cpe:2.3:h:cisco:-871_integrated_services_router:*:*:*:*:*:*:*:*		 cpe:2.3:o:cisco:ios:12.4:*:*:*:*:*:*:*
cpe:2.3:h:cisco:integrated_services_router_871:-:*:*:*:*:*:*:*
References (MISC) http://jbrownsec.blogspot.com/2008/09/cisco-0day-released.html - (MISC) http://jbrownsec.blogspot.com/2008/09/cisco-0day-released.html - Broken Link
References (EXPLOIT-DB) https://www.exploit-db.com/exploits/6477 - (EXPLOIT-DB) https://www.exploit-db.com/exploits/6477 - Exploit, Third Party Advisory, VDB Entry
References (EXPLOIT-DB) https://www.exploit-db.com/exploits/6476 - (EXPLOIT-DB) https://www.exploit-db.com/exploits/6476 - Exploit, Third Party Advisory, VDB Entry
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/45226 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/45226 - Third Party Advisory, VDB Entry
References (BID) http://www.securityfocus.com/bid/31218 - Exploit (BID) http://www.securityfocus.com/bid/31218 - Exploit, Third Party Advisory, VDB Entry
Information

Published : 2008-09-18 20:00

Updated : 2023-12-10 10:51

NVD link : CVE-2008-4128

Mitre link : CVE-2008-4128

CVE.ORG link : CVE-2008-4128

JSON object : View

Products Affected

cisco

  • 871_integrated_services_router
  • ios
CWE
CWE-352

Cross-Site Request Forgery (CSRF)