PatchSiren

PatchSiren cyber security CVE debrief

CVE-2017-5473 Ntop CVE debrief

CVE-2017-5473 is a high-severity cross-site request forgery issue in ntopng through 2.4. According to NVD, a remote attacker could hijack the authentication of arbitrary users by inducing authenticated requests against administrative endpoints such as add-user, preference changes, user deletion, and password reset. The issue was publicly disclosed on 2017-01-14 and later marked modified by NVD on 2026-05-13.

Vendor
Ntop
Product
CVE-2017-5473
CVSS
HIGH 8.8
CISA KEV
Not listed in stored evidence
Original CVE published
2017-01-14
Original CVE updated
2026-05-13
Advisory published
2017-01-14
Advisory updated
2026-05-13

Who should care

Organizations running ntopng up to and including version 2.4, especially teams that expose the web UI to users' browsers and rely on ntopng administrator or delegated operator accounts.

Technical summary

NVD classifies the weakness as CWE-352 (CSRF) with CVSS 3.0 vector CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability affects ntopng versions through 2.4 and is demonstrated against admin/add_user.lua, admin/change_user_prefs.lua, admin/delete_user.lua, and admin/password_reset.lua. The issue is consistent with an attacker causing a logged-in victim to submit unintended state-changing requests.

Defensive priority

High. The vulnerability is reachable over the network and needs no privileges, only user interaction from a logged-in victim; it affects high-value administrative actions, which is reflected in the high CVSS score.

Recommended defensive actions

  • Upgrade ntopng to a version newer than 2.4 that includes the vendor fixes referenced in the linked GitHub commits.
  • Review any browser-exposed administrative workflows in ntopng and ensure state-changing actions require CSRF protections.
  • Confirm that administrative accounts use strong authentication and that access to the ntopng web interface is tightly restricted.
  • Audit logs for suspicious user-management or password-reset activity around periods when the interface was exposed to authenticated users.
  • Validate that reverse proxies, SSO layers, or session controls do not bypass application-level request validation.
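As an added example (not from the advisory and not ntopng's own code), the following Python audits a web-access log for requests to the four administrative scripts named in the technical summary whose Origin or Referer does not point at the ntopng host, which is the classic signature of a cross-site request. The log format, the /lua/ path prefix, the hostname and the sample lines are all constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumed hostname the ntopng web UI is served from (placeholder, not from the advisory).
NTOPNG_HOST = "ntopng.internal.example"

# State-changing admin scripts named in the CVE-2017-5473 description; matched by path
# suffix because the advisory does not give the full URL path.
ADMIN_ENDPOINTS = (
    "admin/add_user.lua",
    "admin/change_user_prefs.lua",
    "admin/delete_user.lua",
    "admin/password_reset.lua",
)

# Constructed log format (not ntopng's own): time method path status referer="..." origin="..."
LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<method>\S+) (?P<path>\S+) (?P<status>\d+) '
    r'referer="(?P<referer>[^"]*)" origin="(?P<origin>[^"]*)"$'
)

# Constructed sample: line 3 comes from a third-party page, line 4 carries no source headers.
SAMPLE_LOG = """\
2017-01-14T10:00:01Z POST /lua/admin/add_user.lua 200 referer="https://ntopng.internal.example/lua/admin/users.lua" origin="https://ntopng.internal.example"
2017-01-14T10:00:05Z GET /lua/host_details.lua?host=10.0.0.5 200 referer="https://ntopng.internal.example/lua/hosts.lua" origin="-"
2017-01-14T10:02:11Z POST /lua/admin/password_reset.lua 200 referer="https://third-party.example/page.html" origin="https://third-party.example"
2017-01-14T10:03:40Z POST /lua/admin/delete_user.lua 200 referer="-" origin="-"
"""

def is_admin_endpoint(path):
    """True if the request path (query string stripped) ends with one of the listed scripts."""
    return any(path.split("?", 1)[0].endswith(ep) for ep in ADMIN_ENDPOINTS)

def source_host(header_value):
    """Hostname from an Origin/Referer value, or None when the header is absent."""
    if not header_value or header_value == "-":
        return None
    return urlsplit(header_value).hostname

def audit(log_text, ui_host=NTOPNG_HOST):
    """Return (line_no, path, reason) for admin requests that do not look same-origin.
    A request with neither header is flagged too, since a cross-site form post can look like that."""
    findings = []
    for line_no, raw in enumerate(log_text.splitlines(), 1):
        m = LINE_RE.match(raw)
        if not m or not is_admin_endpoint(m["path"]):
            continue
        seen = [h for h in (source_host(m["origin"]), source_host(m["referer"])) if h]
        if not seen:
            findings.append((line_no, m["path"], "no Origin or Referer header"))
        elif any(h != ui_host for h in seen):
            findings.append((line_no, m["path"], "cross-site source " + ", ".join(seen)))
    return findings
```

Running `audit(SAMPLE_LOG)` flags lines 3 and 4 and leaves the same-origin add_user request alone; a real deployment would feed it the proxy or ntopng access log in whatever format it actually emits.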

Evidence notes

The description, version range, and CWE come from NVD. NVD lists vulnerable ntopng versions through 2.4 and identifies CSRF as the weakness. The reference list includes two ntopng GitHub commits marked as patches, a SecurityFocus advisory entry, and an Exploit-DB reference. This debrief does not rely on unsupported details from those external pages beyond their presence in the supplied corpus.

Official resources

Publicly disclosed on 2017-01-14; NVD last modified the record on 2026-05-13.