Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in Cisco IOS 12.4 on the 871 Integrated Services Router allow remote attackers to execute arbitrary commands via (1) a certain "show privilege" command to the /level/15/exec/- URI, and (2) a certain "alias exec" command to the /level/15/exec/-/configure/http URI. NOTE: some of these details are obtained from third party information.
History

Mon, 13 Jul 2026 18:30:00 +0000

Type Values Removed Values Added
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 13 Jul 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2026-07-13T00:00:00+00:00', 'dueDate': '2026-07-16T00:00:00+00:00'}


cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-09-18T20:00:00.000Z

Updated: 2026-07-14T03:55:37.929Z

Reserved: 2008-09-18T00:00:00.000Z

Link: CVE-2008-4128

cve-icon Vulnrichment

Updated: 2024-08-07T10:08:34.051Z

cve-icon NVD

Status : Modified

Published: 2008-09-18T20:00:00.530

Modified: 2026-06-16T22:57:13.813

Link: CVE-2008-4128

cve-icon Redhat

No data.