As reported by Security Affairs, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Cisco IOS flaw, identified as CVE-2008-4128, to its catalog of Known Exploited Vulnerabilities (KEV). This action mandates federal agencies to address the vulnerability by a specific deadline.The vulnerability, affecting Cisco IOS 12.4 on Cisco 871 Integrated Services Routers, involves multiple cross-site request forgery (CSRF) flaws within the HTTP Administration interface. Attackers can exploit these weaknesses to trick authenticated administrators into executing arbitrary commands, potentially leading to device compromise. The flaws allow for the execution of commands like "show privilege" and "alias exec" through specific URIs.CISA has issued Binding Operational Directive 22-01, requiring federal agencies to remediate this vulnerability by July 13, 2026, to mitigate the significant risk posed by its exploitation. Private organizations are also strongly encouraged to review the KEV catalog and address any identified vulnerabilities within their own infrastructure to enhance overall cybersecurity posture.Source: Security Affairs
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds




