CVE-2017-20045

7.3 HIGH

📋 TL;DR

This critical CSRF vulnerability in Navetti PricePoint 4.6.0.0 allows attackers to trick authenticated users into performing unintended actions by sending malicious requests. It affects all users of the vulnerable version who access the application through a web browser. The vulnerability is remotely exploitable and can lead to unauthorized actions being performed on behalf of legitimate users.

💻 Affected Systems

Products:
  • Navetti PricePoint
Versions: 4.6.0.0
Operating Systems: All platforms running PricePoint
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of version 4.6.0.0 are vulnerable regardless of configuration. The vulnerability is in the web application layer.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could perform administrative actions, modify pricing data, change user permissions, or compromise the entire PricePoint system by tricking administrators into executing malicious requests.

🟠 Likely Case

Attackers would typically use this to modify pricing configurations, create unauthorized user accounts, or exfiltrate sensitive pricing data by crafting malicious links or forms that authenticated users might inadvertently execute.

🟢 If Mitigated

With proper CSRF protections and user awareness training, the risk is significantly reduced as users would be less likely to click suspicious links and the application would validate request origins.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit details were publicly disclosed in March 2017. CSRF attacks are relatively simple to execute once the vulnerable endpoints are identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.7.0.0

Vendor Advisory: No official vendor advisory found in provided references

Restart Required: Yes

Instructions:

1. Back up the current PricePoint installation and data.
2. Download version 4.7.0.0 from Navetti.
3. Follow vendor upgrade procedures.
4. Restart application services.
5. Verify functionality post-upgrade.

🔧 Temporary Workarounds

Implement CSRF Tokens

all

Add CSRF protection tokens to all state-changing forms and endpoints

Requires code modification - implement anti-CSRF tokens in web application

SameSite Cookie Attribute

all

Set SameSite=Strict or SameSite=Lax on session cookies

Set-Cookie: session=value; SameSite=Strict; Secure; HttpOnly

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to detect and block CSRF patterns
  • Educate users about phishing risks and implement strict access controls to limit damage scope

🔍 How to Verify

Check if Vulnerable:

Check PricePoint version in admin interface or configuration files. If version is 4.6.0.0, system is vulnerable.

Check Version:

Check web interface or configuration files for version information

Verify Fix Applied:

Verify version is 4.7.0.0 or higher in admin interface. Test CSRF protection by attempting to submit forms without proper tokens.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed state-changing requests from same IP
  • Requests missing Referer headers or CSRF tokens
  • Unusual administrative actions from non-admin IPs

Network Indicators:

  • HTTP POST requests to PricePoint endpoints without proper Referer headers
  • Requests with suspicious parameters from unexpected sources

SIEM Query:

source="pricepoint" AND (http_method="POST" OR http_method="PUT") AND (NOT csrf_token=* OR referrer="")
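
The log indicators and SIEM query above, written out as a small scanner. This is an added example, not part of the original advisory or any vendor code. It assumes JSON log events that use the query's field names (http_method, csrf_token, referrer), a placeholder hostname, and constructed sample lines; it also flags a cross-site referrer value, which the query's empty-referrer test does not cover.

```python
import json
from urllib.parse import urlsplit

# Assumption: the hostname users reach the application on (placeholder value).
APP_HOST = "pricepoint.example.internal"
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}

def csrf_findings(event, app_host=APP_HOST):
    """Return the reasons one log event looks like a forged request."""
    if (event.get("http_method") or "").upper() not in STATE_CHANGING:
        return []
    reasons = []
    if not event.get("csrf_token"):
        reasons.append("missing_csrf_token")
    referrer = event.get("referrer") or ""
    if not referrer:
        reasons.append("empty_referrer")
    elif (urlsplit(referrer).hostname or "").lower() != app_host:
        # The SIEM query only matches an empty value; a request submitted
        # from another site usually carries that site's URL here instead.
        reasons.append("cross_site_referrer")
    return reasons

def scan(lines, app_host=APP_HOST):
    """Return (event, reasons) for every JSON log line with a finding."""
    hits = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        if not isinstance(event, dict):
            continue
        reasons = csrf_findings(event, app_host)
        if reasons:
            hits.append((event, reasons))
    return hits

# Constructed sample events; paths and addresses are illustrative, not real endpoints.
SAMPLE_LOG = [
    '{"src_ip":"10.0.0.5","http_method":"GET","path":"/prices","referrer":""}',
    '{"src_ip":"10.0.0.5","http_method":"POST","path":"/prices/update","csrf_token":"a1b2","referrer":"https://pricepoint.example.internal/prices"}',
    '{"src_ip":"10.0.0.9","http_method":"POST","path":"/users/create","referrer":"https://news.example.net/article"}',
    '{"src_ip":"10.0.0.9","http_method":"PUT","path":"/prices/7","csrf_token":"c3d4","referrer":""}',
]

if __name__ == "__main__":
    for event, reasons in scan(SAMPLE_LOG):
        print(event["src_ip"], event["http_method"], event["path"], ",".join(reasons))
```

The missing_csrf_token reason is only meaningful once the application or a workaround actually issues tokens; before that, every state-changing request will carry it.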
