Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in Cisco IOS 12.4 on the 871 Integrated Services Router allow remote attackers to execute arbitrary commands via (1) a certain "show privilege" command to the /level/15/exec/- URI, and (2) a certain "alias exec" command to the /level/15/exec/-/configure/http URI. NOTE: some of these details are obtained from third party information.
Exploits
64762008-09-17remoteHardware
Cisco Router - HTTP Administration Cross-Site Request Forgery / Command Execution (1)
By Jeremy Brown
References
cve@mitre.org
http://www.securityfocus.com/bid/31218cve@mitre.org
https://www.exploit-db.com/exploits/6476cve@mitre.org
https://www.exploit-db.com/exploits/6477af854a3a-2127-422b-91ae-364da2661108
http://jbrownsec.blogspot.com/2008/09/cisco-0day-released.htmlaf854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/31218af854a3a-2127-422b-91ae-364da2661108
https://exchange.xforce.ibmcloud.com/vulnerabilities/45226af854a3a-2127-422b-91ae-364da2661108
https://www.exploit-db.com/exploits/6476af854a3a-2127-422b-91ae-364da2661108
https://www.exploit-db.com/exploits/6477