Cyber Warfare · Today's Signal

Old Ghost, New Alarm: Cisco IOS CSRF Flaw From 2008 Lands on KEV List

Published 2026-07-14 · SAL Cyber Command Intelligence Network
Old Ghost, New Alarm: Cisco IOS CSRF Flaw From 2008 Lands on KEV List

CISA has added CVE-2008-4128, a cross-site request forgery vulnerability in Cisco IOS 12.4, to its Known Exploited Vulnerabilities catalog. The flaw allows remote attackers to execute arbitrary commands by tricking an authenticated device administrator into triggering crafted requests to the /level/15/exec/- and /level/15/exec/-/configure/http URIs — effectively hijacking privileged session context to run "show privilege" and "alias exec" commands without direct credential theft.

This is a legacy vulnerability dating to 2008, but its presence on the KEV catalog confirms it remains a live exploitation vector. CISA has not attributed known ransomware campaign use to this CVE, but the short compliance window — added July 13, due July 16 — signals urgency consistent with BOD 26-04 risk-based prioritization. Any network still running unpatched Cisco IOS 12.4 with web-based management interfaces exposed is a live target.

Operators should apply Cisco's vendor mitigations immediately, in line with BOD 26-04 guidance, and inventory all IOS 12.4 devices to confirm exposure. Where the product is cloud-managed, follow BOD 26-04's cloud service guidance; where mitigations are unavailable, discontinue use of the affected configuration. Evaluate internet-facing management interfaces for exposure now, disable unnecessary HTTP/HTTPS admin access, and be prepared to execute forensics triage per CISA's requirements if compromise indicators surface. Treat the July 16 deadline as non-negotiable.

Sources: CISA Known Exploited Vulnerabilities Catalog: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2008-4128
SAL SENTRY — your private AI security operations center.24/7 watch on network, cloud, endpoints, and email. Flat $999/mo. Live in 48 hours.