CVE-2008-3821

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 11.0 through 12.4

Description The issue allows remote attackers to inject arbitrary web script or HTML via the query string to the ping program or other aspects of the URI, due to an input sanitization error in the embedded HTTP server. This could enable an unauthenticated, remote attacker to execute arbitrary HTML and script code in the user's browser session by convincing a user to follow a malicious link.

Recommendations For Cisco IOS versions 11.0 through 12.4, update to the latest software version that includes the fix for this issue. As a temporary workaround, consider disabling the embedded HTTP server when it is not in use to minimize the risk of exploitation.