PT-2009-3125 · Cisco · Cisco IOS

Published: 2009-02-06 · Updated: 2018-10-11 · CVE-2009-0471

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Cisco IOS version 12.4(23)

Description

A cross-site request forgery (CSRF) issue in the HTTP server allows remote attackers to execute arbitrary commands. This can be demonstrated by executing the hostname command with a "level/15/configure/-/hostname" request.

Recommendations

For Cisco IOS version 12.4(23), consider disabling the HTTP server or restricting access to it until a patch is available. As a temporary workaround, restrict the use of the level 15 configure functionality to minimize the risk of exploitation.

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2009-0471

Affected Products

Cisco IOS