Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveCiscoCVE-2020-3148
HistoryMar 04, 2020 - 7:15 p.m.

CVE-2020-3148

2020-03-0419:15:12
CWE-352
cisco
web.nvd.nist.gov
58
cve
2020
3148
csrf
vulnerability
cisco
prime
network
registrar
cpnr
web-based interface
cross-site request forgery
nvd
networking services
security

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

33.0%

JSON

A vulnerability in the web-based interface of Cisco Prime Network Registrar (CPNR) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections in the web-based interface. An attacker could exploit this vulnerability by persuading a targeted user, with an active administrative session on the affected device, to click a malicious link. A successful exploit could allow an attacker to change the device’s configuration, which could include the ability to edit or create user accounts of any privilege level. Some changes to the device’s configuration could negatively impact the availability of networking services for other devices on networks managed by CPNR.

Affected configurations

Nvd
Node
ciscoprime_network_registrarRange<10.1
VendorProductVersionCPE
ciscoprime_network_registrar*cpe:2.3:a:cisco:prime_network_registrar:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Cisco Prime Network Registrar",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "n/a",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Related

nvd 1
prion 1
cvelist 1
cisco 1
threatpost 2
nvd
nvd
CVE-2020-3148
2020-03-04 19:15:12
prion
prion
Cross site request forgery (csrf)
2020-03-04 19:15:00
cvelist
cvelist
CVE-2020-3148 Cisco Prime Network Registrar Cross-Site Request Forgery Vulnerability
2020-03-04 18:40:27
cisco
cisco
Cisco Prime Network Registrar Cross-Site Request Forgery Vulnerability
2020-03-04 16:00:00
threatpost
threatpost
High-Severity Cisco Webex Flaws Fixed
2020-03-05 15:11:11
High-Severity Cisco Webex Flaws Fixed
2020-03-05 15:11:11

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

33.0%

JSON
Related for CVE-2020-3148
nvd1prion1cvelist1cisco1threatpost2