CVE-2008-4128

Name of the Vulnerable Software and Affected Versions Cisco IOS version 12.4 on the 871 Integrated Services Router

Description The issue allows remote attackers to execute arbitrary commands. This is achieved through cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component. Specifically, the vulnerabilities can be exploited via certain commands to specific API endpoints, such as the show privilege command to the "/level/15/exec/-" URI and the alias exec command to the "/level/15/exec/-/configure/http" URI.

Recommendations For Cisco IOS version 12.4 on the 871 Integrated Services Router, consider disabling access to the HTTP Administration component until a fix is available. Restrict access to the /level/15/exec/- and /level/15/exec/-/configure/http API endpoints to minimize the risk of exploitation. Avoid using the show privilege and alias exec commands in the affected API endpoints until the issue is resolved.