CVE-2009-0470

Name of the Vulnerable Software and Affected Versions Cisco IOS version 12.4(23)

Description The issue is related to multiple cross-site scripting (XSS) vulnerabilities in the HTTP server. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the PATH INFO to the default URI under specific endpoints, such as "/level/15/exec/-/" or "/exec/".

Recommendations For Cisco IOS version 12.4(23), consider disabling access to the vulnerable HTTP server endpoints "/level/15/exec/-/" and "/exec/" as a temporary workaround until a patch is available. Restrict access to these endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.