Cisco Prime Network Registrar System Configuration Protocol Information Disclosure Vulnerability

A vulnerability in the System Configuration Protocol (SCP) core messaging interface of the Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks.

The vulnerability is due to lack of proper authentication controls for SCP messages. An attacker could exploit this vulnerability by sending specific SCP protocol messages to the targeted application. An exploit could allow the attacker to learn sensitive information about the application.

Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160616-pnr[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160616-pnr”]