Executive Summary
Summary | |
---|---|
Title | Cisco Prime Home Authentication Bypass Vulnerability |
Information | |||
---|---|---|---|
Name | cisco-sa-20170201-prime-home | First vendor Publication | 2017-02-01 |
Vendor | Cisco | Last vendor Modification | 2017-02-01 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator privileges. The vulnerability is due to a processing error in the role-based access control (RBAC) of URLs. An attacker could exploit this vulnerability by sending API commands via HTTP to a particular URL without prior authentication. An exploit could allow the attacker to perform any actions in Cisco Prime Home with administrator privileges. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-prime-home |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-287 | Improper Authentication |
CPE : Common Platform Enumeration
Snort® IPS/IDS
Date | Description |
---|---|
2017-02-03 | Cisco Prime Home portlet API access detected RuleID : 41487 - Revision : 1 - Type : POLICY-OTHER |
Alert History
Date | Information |
---|---|
2017-02-06 00:25:38 |
|
2017-02-01 21:23:42 |
|