Computer Security Incident Response Team of Mauritius

Vulnerability in Cisco Prime Home

Severity Rating: High

System Affected:

· Cisco Prime Home 6.3

· Cisco Prime Home 6.4

Cisco Prime Home 6.5

Description:

A vulnerability was identified in the web-based GUI of Cisco Prime Home which could allow an unauthenticated, remote attacker to bypass authentication and perform unauthorized actions.

The vulnerability exists due to a processing error in the role-based access control (RBAC) of URLs.This vulnerability allows an attacker to send API commands via HTTP to a particular URL without prior authentication.

Source:

Solution

Users are advised to apply updates.

More information is available on:

Cisco Security Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-prime-home

Vendor Information

Cisco

http://www.cisco.com/

CVE Information

CVE-2017-3791

References

Security Focus

http://www.securityfocus.com/bid/95933/info

Cisco Security Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-prime-home

Contact Information

E-mail: contact@cert.ncb.mu

Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis

Top Link Bar

VN-2017-20

Subscribe to newsletter