How severe is CVE-2020-3148?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.1 out of 10.

What type of vulnerability is CVE-2020-3148?

This is classified as CWE-352, which is a common weakness in software security.

CVE-2020-3148 - HIGH Severity | CVSS 7.1

Vulnerability Description

A vulnerability in the web-based interface of Cisco Prime Network Registrar (CPNR) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections in the web-based interface. An attacker could exploit this vulnerability by persuading a targeted user, with an active administrative session on the affected device, to click a malicious link. A successful exploit could allow an attacker to change the device's configuration, which could include the ability to edit or create user accounts of any privilege level. Some changes to the device's configuration could negatively impact the availability of networking services for other devices on networks managed by CPNR.

Related Vulnerabilities

CVE-2017-6038

HIGH

CVSS:7.1(High)

A Cross-Site Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web application does not sufficiently verify that requests were...

CWE-3522017

CVE-2017-6914

HIGH

CVSS:7.1(High)

CSRF exists in BigTree CMS 4.1.18 and 4.2.16 with the id parameter to the admin/ajax/users/delete/ page. A user can be deleted.

CWE-3522017

CVE-2019-1003044

HIGH

CVSS:7.1(High)

A cross-site request forgery vulnerability in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtai...

CWE-3522019

CVE-2019-19664

HIGH

CVSS:7.1(High)

A CSRF vulnerability exists in the Web Settings of Web File Manager in Rumpus FTP 8.2.9.1. Exploitation of this vulnerability can result in manipulation of Server Web settings at RAPR/WebSettingsGener...

CWE-3522019

CVE-2020-10771

HIGH

CVSS:7.1(High)

A flaw was found in Infinispan version 10, where it is possible to perform various actions that could have side effects using GET requests. This flaw allows an attacker to perform a cross-site request...

CWE-3522020

CVE-2020-14368

HIGH

CVSS:7.1(High)

A flaw was found in Eclipse Che in versions prior to 7.14.0 that impacts CodeReady Workspaces. When configured with cookies authentication, Theia IDE doesn't properly set the SameSite value, allowing ...

CWE-3522020