Rewterz Threat Advisory – Cisco Prime Network Registrar Cross-Site Request Forgery Vulnerability

March 5, 2020

Severity

High

Analysis Summary

CVE-2020-3148

The vulnerability is due to insufficient CSRF protections in the web-based interface. An attacker could exploit this vulnerability by persuading a targeted user, with an active administrative session on the affected device, to click a malicious link. A successful exploit could allow an attacker to change the device’s configuration, which could include the ability to edit or create user accounts of any privilege level. Some changes to the device’s configuration could negatively impact the availability of networking services for other devices on networks managed by CPNR.

Impact

Cross site request forgery

Affected Vendors

Cisco

Affected Products

Cisco Prime Network Registrar releases earlier than 10.1

Remediation

Refer to vendor’s advisory for the list of affected products and upgraded patches.https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cpnr-csrf-WWTrDkyL

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

GitHub Tools Deployed in CrazyHunter Ransomware Campaigns – Active IOCs

North Korean APT Kimsuky aka Black Banshee – Active IOCs

Sophisticated BPFDoor Malware Detected Targeting Linux Systems – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Alert – Mailto Ransomware Injecting Into explorer.exe

Rewterz Threat Advisory – Cisco Intelligent Proximity SSL Certificate Validation Vulnerability

The Wait Is Over!

The Rewterz Annual Threat Intelligence Report 2024 is finally here.