10 - cisco-sa-20161102-cph

A vulnerability in the web-based graphical user interface (GUI) of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges.

The vulnerability is due to a processing error in the role-based access control (RBAC) of URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request to a particular URL. An exploit could allow the attacker to obtain a valid session identifier for an arbitrary user, which would allow the attacker to perform any actions in Cisco Prime Home for which that user is authorized - including users with administrator privileges.

Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cph BEGIN PGP SIGNATURE Version: GnuPG v1.4.5 (SunOS)

iQIVAwUBWBoUuq89gD3EAJB5AQKpghAAqO51AV155QF6Sj3wfDwQyy5DOCUbnzJT OSkWF9NDsXB9GBEtAD9Vtm9peenvpbuqbT8k1WvDUo3+5NVyRht+u7kUjriEEfat H5DfYqVAqgaSh45rHfl7zjINRa0dWdVFFA0HZOVkMrLjZ7y86DmCED3JDnXeucEF nsbE/m+eMw++Qizgz0KRCedIwSBYwfAtibbr8E4Ch2t2SeDBXcHAXwboc1YgfjOS hopqKwVnb947QcWKAPBtBKWO9L7LAFxSiTMypnR+wVDlmDkUFX6veH3bUDYCSJaX W1/yxfGkMygyfozq5lDBl6KJH6v8uITAvBNr0G4Ffr/hIgoOhj8YcKQYDHvCdY0p lfdmtE43zMgmVn50dPujpkbqwMoARpAKwBvKAXe3EnqR4mgEWg0QpX0Z7kF2Y9XG J1XJyKYcDlS20tkxX7EJ7i85ik673lSI+OJEgoHOtkwyjaZQ/didLQRYzWtooEzS PB07Ln+oUkiT2U0pwLpKeiDMBeCajMQOLbOiih7Y6NbgH9UuHvOr7WNZiGsaeasl GUb9sANXyAp2gEm2dZ2hNdWMTmn3U4K/l2w1fBGtAU5MzpzHWsSwDrznxZzuMScy E6yrGJHs4IF6jNoKPvzdjO7v3FV5QQ6JatbWh8FU+9TkC+rQFQ2ZQSpnA0eys6yt ZddiKw1knKQ= =Dqez END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com