cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2020-3272,https://securityvulnerability.io/vulnerability/CVE-2020-3272,Cisco Prime Network Registrar DHCP Denial of Service Vulnerability,"A vulnerability in the DHCP server of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of incoming DHCP traffic. An attacker could exploit this vulnerability by sending a crafted DHCP request to an affected device. A successful exploit could allow the attacker to cause a restart of the DHCP server process, causing a DoS condition.",Cisco,Cisco Prime Network Registrar,7.5,HIGH,0.0015899999998509884,false,,false,false,true,2024-08-04T08:16:32.000Z,,false,false,,2020-05-22T06:15:00.000Z,0
CVE-2020-3148,https://securityvulnerability.io/vulnerability/CVE-2020-3148,Cisco Prime Network Registrar Cross-Site Request Forgery Vulnerability,"A vulnerability in the web-based interface of Cisco Prime Network Registrar (CPNR) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections in the web-based interface. An attacker could exploit this vulnerability by persuading a targeted user, with an active administrative session on the affected device, to click a malicious link. A successful exploit could allow an attacker to change the device's configuration, which could include the ability to edit or create user accounts of any privilege level. Some changes to the device's configuration could negatively impact the availability of networking services for other devices on networks managed by CPNR.",Cisco,Cisco Prime Network Registrar,7.1,HIGH,0.0007699999841861427,false,,false,false,true,2024-08-04T08:16:26.000Z,,false,false,,2020-03-04T00:00:00.000Z,0
CVE-2019-1852,https://securityvulnerability.io/vulnerability/CVE-2019-1852,Cisco Prime Network Registrar Cross-Site Scripting Vulnerability,"A vulnerability in the web-based management interface of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.",Cisco,Cisco Prime Network Registrar,6.1,MEDIUM,0.001509999972768128,false,,false,false,true,2024-08-04T19:16:14.000Z,,false,false,,2019-05-03T17:29:00.000Z,0
CVE-2019-1840,https://securityvulnerability.io/vulnerability/CVE-2019-1840,Cisco Prime Network Registrar Denial of Service Vulnerability,"A vulnerability in the DHCPv6 input packet processor of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to restart the server and cause a denial of service (DoS) condition on the affected system. The vulnerability is due to incomplete user-supplied input validation when a custom extension attempts to change a DHCPv6 packet received by the application. An attacker could exploit this vulnerability by sending malformed DHCPv6 packets to the application. An exploit could allow the attacker to trigger a restart of the service which, if exploited repeatedly, might lead to a DoS condition. This vulnerability can only be exploited if the administrator of the server has previously installed custom extensions that attempt to modify the packet details before the packet has been processed. Note: Although the CVSS score matches a High SIR, this has been lowered to Medium because this condition will only affect an application that has customer-developed extensions that will attempt to modify packet parameters before the packet has been completely sanitized. If packet modification in a custom extension happens after the packet has been sanitized, the application will not be affected by this vulnerability. Software versions prior to 8.3(7) and 9.1(2) are affected.",Cisco,Cisco Prime Network Registrar,8.6,HIGH,0.0009399999980814755,false,,false,false,true,2024-08-04T19:16:13.000Z,,false,false,,2019-04-18T02:29:00.000Z,0
CVE-2017-6613,https://securityvulnerability.io/vulnerability/CVE-2017-6613,,"A vulnerability in the DNS input packet processor for Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to cause the DNS process to momentarily restart, which could lead to a partial denial of service (DoS) condition on the affected system. The vulnerability is due to incomplete DNS packet header validation when the packet is received by the application. An attacker could exploit this vulnerability by sending a malformed DNS packet to the application. An exploit could allow the attacker to cause the DNS process to restart, which could lead to a DoS condition. This vulnerability affects Cisco Prime Network Registrar on all software versions prior to 8.3.5. Cisco Bug IDs: CSCvb55412.",Cisco,Cisco Prime Network Registrar,5.8,MEDIUM,0.0016499999910593033,false,,false,false,false,,,false,false,,2017-04-20T22:00:00.000Z,0