What is CVE-2008-4128?
Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in Cisco IOS 12.4 on the 871 Integrated Services Router allow remote attackers to execute arbitrary commands via (1) a certain "show privilege" command to the /level/15/exec/- URI, and (2) a certain "alias exec" command to the /level/15/exec/-/configure/http URI. NOTE: some of these details are obtained from third party information.
Timeline
- 2008-09-18Published to the U.S. National Vulnerability Database (NVD)
- 2026-07-13Added to the CISA Known Exploited Vulnerabilities (KEV) catalog
- 2026-07-14NVD record last updated
- 2026-07-16CISA federal remediation deadline (BOD 22-01)
CISA Known Exploited Vulnerability
Cisco IOS Cross-Site Request Forgery Vulnerability
Affected product
Cisco IOS
NVD also lists CPE entries for: Cisco Ios, Cisco 871 Integrated Services Router
Remediation Steps
- Check CISA Known Exploited Vulnerabilities Catalog for Cisco advisory and patch information
- Apply vendor patch from Cisco Security Advisories
- Verify Cisco IOS version after patching
- Monitor for signs of unauthorized access or configuration changes on affected devices
References
Referenced in our briefings & reports
- Vulnerability Priority Report – Week 2 of July 2026 (July 13 – 19)
Browse all tracked CVEs in the defend.network CVE database →
🤖 This CVE page is generated by defend.network from NVD, CISA KEV, EPSS, and our verified daily briefings. Severity and exploitation data come from official sources; always verify remediation steps against the official vendor advisory before acting in production.