CVE-2020-3148

Description

A vulnerability in the web-based interface of Cisco Prime Network Registrar (CPNR) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections in the web-based interface. An attacker could exploit this vulnerability by persuading a targeted user, with an active administrative session on the affected device, to click a malicious link. A successful exploit could allow an attacker to change the devices configuration, which could include the ability to edit or create user accounts of any privilege level. Some changes to the devices configuration could negatively impact the availability of networking services for other devices on networks managed by CPNR.

Risk Information

Base Score

7.1

MODERATE

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L

EPSS Score

Exploitation Probability

0.306

Associated Vulnerability

Vulnerability	OS Platform
Cisco Prime Network Registrar Cross-Site Request Forgery Vulnerability For Cisco Network Registrar	NCM
Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-3148)	NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-1706038	Security Update for Cisco Network Registrar 9.1

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234