CVE-2017-3791

Published: 01/02/2017 Updated: 09/10/2019
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 10 | Impact Score: 6 | Exploitability Score: 3.9
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote malicious user to bypass authentication and execute actions with administrator privileges. The vulnerability is due to a processing error in the role-based access control (RBAC) of URLs. An attacker could exploit this vulnerability by sending API commands via HTTP to a particular URL without prior authentication. An exploit could allow the malicious user to perform any actions in Cisco Prime Home with administrator privileges. This vulnerability affects Cisco Prime Home versions from 6.3.0.0 to the first fixed release 6.5.0.1. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Bug IDs: CSCvb49837.

Vulnerable Product

cisco cisco prime home 6.4.2.1

cisco cisco prime home 6.4.2.0

cisco cisco prime home 6.4.1.0

cisco cisco prime home 6.4.0.0

cisco cisco prime home 6.3.0.0

cisco cisco prime home 6.3.1.0

Recent Articles

Home-pwners: Cisco's Prime Home lets hackers hijack people's routers, no questions asked
The Register • Shaun Nichols in San Francisco • 01 Feb 2017

Remote unauthenticated control over a vulnerable ISP's gear

Cisco is advising ISPs and other service providers using its Prime Home system to install a security update immediately – to squash a serious remote execution bug. Switchzilla says the flaw, which was given a 10.0 CVSS score, could allow an attacker to log into the software as an administrator and remotely take control of thousands upon thousands of customers' home routers, broadband gateways and similar boxes. "An attacker could exploit this vulnerability by sending API commands via HTTP to a...