Cisco IOS Vulnerability CVE-2008-4128 Under Active Exploitation

Cisco IOS Vulnerability CVE-2008-4128 Under Active Exploitation

First seen 14 Jul 2026, 14:06 UTC Heise.DeCybersecuritynewsnvd.nist.gov 85% similarity 80.0

Article Content

Browse articles
ThreatCluster

CISA has warned of ongoing attacks exploiting the CVE-2008-4128 vulnerability in Cisco IOS 12.4, a cross-site request forgery flaw. This vulnerability, which has been known since 2008, allows attackers to execute arbitrary commands on affected routers. The vulnerability was added to CISA's Known Exploited Vulnerabilities Catalog on July 13, 2026. Attackers, potentially linked to Russian state actors, are targeting poorly configured devices globally. The advisory emphasizes the need for IT managers to check for vulnerable devices and apply necessary updates or replacements. CISA has provided a protection guide detailing countermeasures against these attacks. The vulnerability affects Cisco's 871 Integrated Services Router and poses a medium risk (CVSS 4.3). Recent attacks have highlighted the ongoing threat posed by legacy vulnerabilities in critical infrastructure. Security professionals are urged to implement recommended security measures immediately.

Key Points: • CVE-2008-4128 is a CSRF vulnerability in Cisco IOS 12.4, actively exploited since July 2026. • CISA has linked the attacks to Russian state actors targeting vulnerable network devices. • IT managers are advised to secure routers by updating or replacing affected devices.

ThreatCluster AI

Timeline

2008-09-18
CVE-2008-4128 published
Cisco disclosed a CSRF vulnerability affecting IOS 12.4, allowing remote command execution.
nvd.nist.gov
2021-11-03
CVE-2018-0171 added to CISA KEV
CISA added CVE-2018-0171 to its Known Exploited Vulnerabilities Catalog due to active exploitation.
nvd.nist.gov
2026-07-13
CVE-2008-4128 added to CISA KEV
CISA added CVE-2008-4128 to its Known Exploited Vulnerabilities Catalog, indicating active exploitation.
Heise.De
2026-07-14
CISA issues protection guide
CISA and international authorities released a guide to protect against attacks exploiting CVE-2008-4128.
Heise.De
Recent
Ongoing attacks reported
Reports indicate that attackers are actively exploiting the CVE-2008-4128 vulnerability in various networks.
Cybersecuritynews

Community

Browse all →