Input validation error in Cisco Prime Network Registrar

#VU28148 Input validation error in Cisco Prime Network Registrar

Published: 2020-05-21

Vulnerability identifier: #VU28148

Vulnerability risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-3272

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Cisco Prime Network Registrar
Other software / Other software solutions

Vendor: Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in the DHCP server. A remote attacker can send a specially crafted DHCP request and perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Cisco Prime Network Registrar: 8.3.0 - 10.1

CPE

cpe:2.3:a:cisco_systems:cisco_prime_network_registrar:8.3.0:*:*:*:*:*:*:*

External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cpnr-dhcp-dos-BkEZfhLP

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

Latest bulletins with this vulnerability

Denial of service in Cisco Prime Network Registrar