—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
Cisco Security Advisory: Cisco Prime Home Authentication Bypass Vulnerability
Advisory ID: cisco-sa-20170201-prime-home
Revision 1.0
For Public Release 2017 February 1 16:00 UTC (GMT)
+———————————————————————
Summary
=======
A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated,
remote attacker to bypass authentication and execute actions with administrator privileges.
The vulnerability is due to a processing error in the role-based access control (RBAC) of
URLs. An attacker could exploit this vulnerability by sending API commands via HTTP to a
particular URL without prior authentication. An exploit could allow the attacker to perform
any actions in Cisco Prime Home with administrator privileges.
Cisco has released software updates that address this vulnerability. There are no workarounds
that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-prime-home
—–BEGIN PGP SIGNATURE—–
iQIVAwUBWJHyOa89gD3EAJB5AQIIsBAAzigHM2b3CTJ8/YbZyE4MF70eF0rWHN6o
pTOK5kZkKgdqAVruuApy7SRf/VzEN+DzifId1oYiWG0bTHjUcxV3hXq59IN4tHbD
8o5TUwc4rqRME/MS3bts3NeCl+xBvyu/uCuDWJK5ENOA29aMMe7kifJlmgyFhX3Y
ywSqS+6g5YdTi7MDEgId7wZRXFKBpMimU4vhEdnaytxmQGtCIi6UGeO673bUUBDA
fhU9RYktiJISwOP4l06Q+oMcbU5Kw3A89OMmRiSnBe34piDLhUHcSW5UFgUfvU5l
b50XuomRS5h/dteP+A+SexFai1szYt4v+Vv5XF5R4Z1BefmFSqcobSuu1/BrMTuD
kBoQqZhe92SHhDs7MVqRL12uT4v/h/saAvEZy7EO483rZcSIzURFkwg5Ft8vsK02
3h1H+AmeYjedI03cfAxsd8NJ8EbgHeLwXOLgTNfiVS5jIv9vrB8gNey7yoXi6iOj
mFo+pOysoMI66R1rtkgDQm2vLVqOI0+xUlPa8P94N5MWKF8rFsa9bJkXR0/kaotD
EHI11ZaQIsP/E2OCK7MHymnmbkNl42bWghLIMXDVmlJ79oyMcjcCQAU1DaTJAu0l
j03VX9FOqLmSwX3vslCUY7Tdgp64I5yTTUZ0n3bP9/0K5D0ISt9XaQwP+4/BwDAG
fZECne7i/l8=
=3ql4
—–END PGP SIGNATURE—–
_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com