CVE-2008-41286
Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in Cisco IOS 12.4 on the 871 Integrated Services Router allow remote attackers to execute arbitrary commands via (1) a certain "show privilege" command to the /level/15/exec/- URI, and (2) a certain "alias exec" command to the /level/15/exec/-/configure/http URI. NOTE: some of these details are obtained from third party information.
- Listed on CISA KEV (known exploited in the wild)
- SSVC exploitation status: active
- EPSS ≥ 0.10 - elevated exploitation probability
- EPSS percentile: top 2% of all CVEs by exploitation likelihood
- Public exploit or PoC is available
Exploitation evidence
2 of 7 sourcesExploitation momentum
1225 days of EPSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N- 18 Sep 2008Published to NVD
- 13 Jul 2026Last modified
- 13 Jul 2026Added to CISA KEV
Public Exploits & PoCs
6Required Remediation
Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
ATT&CK techniques
1Techniques this CVE enables. Pills with a solid outline are high confidence - named directly in ATT&CK or Nuclei, or human-curated by CTID; the rest are inferred from the weakness type using MITRE's CVE Mapping Methodology and the CWE → CAPEC chain. Broad, generic-weakness guesses are filtered out. A small N× marks a technique that N independent sources agree on.
▤ Build a SIEM detection for these techniquesCAPEC attack patterns
4Attack patterns this CVE enables - the bridge from weakness to ATT&CK technique.