๐ฅ This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)
CVE-2008-4128: Cisco IOS Cross-Site Request Forgery Vulnerability
Summary
Cisco IOS 12.4 has a CSRF vulnerability (cross-site request forgery, where an attacker tricks a user into performing unwanted actions on a website they're logged into) that lets remote attackers run unauthorized commands through specific web URIs. This is an old vulnerability from 2008, but it's currently being actively exploited by attackers in real-world attacks.
Solution / Mitigation
Apply mitigations according to vendor (Cisco) instructions while following CISA's BOD 26-04 guidance on prioritizing security updates. If mitigations are unavailable, discontinue use of the product. Organizations must evaluate each device's exposure to the internet and ensure compliance with BOD 26-04 patching guidelines by the due date of 2026-07-16.
Vulnerability Details
EPSS: 12.0%
Yes
๐ฅ Actively Exploited
July 12, 2026
Classification
Taxonomy References
Original source: https://nvd.nist.gov/vuln/detail/CVE-2008-4128
First tracked: July 13, 2026 at 02:01 PM
Classified by LLM (prompt v3) ยท confidence: 95%