Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in Cisco IOS 12.4 on the 871 Integrated Services Router allow remote attackers to execute arbitrary commands via (1) a certain "show privilege" command to the /level/15/exec/- URI, and (2) a certain "alias exec" command to the /level/15/exec/-/configure/http URI. NOTE: some of these details are obtained from third party information.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/31218 | Exploit Third Party Advisory VDB Entry |
http://jbrownsec.blogspot.com/2008/09/cisco-0day-released.html | Broken Link |
https://exchange.xforce.ibmcloud.com/vulnerabilities/45226 | Third Party Advisory VDB Entry |
https://www.exploit-db.com/exploits/6477 | Exploit Third Party Advisory VDB Entry |
https://www.exploit-db.com/exploits/6476 | Exploit Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2008-09-18 13:00
Updated : 2022-05-23 09:25
NVD link : CVE-2008-4128
Mitre link : CVE-2008-4128
JSON object : View
CWE
CWE-352
Cross-Site Request Forgery (CSRF)
Products Affected
cisco
- ios
- integrated_services_router_871