The Cisco Prime Home system has been identified as very vulnerable and the vendor is advising service providers to apply a critical emergency update.
Update Your Cisco Prime Home To The Latest Version
Cisco Prime Home system users be warned! The company has issued an advisory to all Internet service providers and customers that the system is vulnerable to a dangerous security vulnerability.
The Cisco Prime Home solution is an enterprise system that is used to remote manage various connected customer devices. It allows for easy zero-touch provisioning, remote configuration, software upgrades and real-time diagnosis.
The flaw is a dangerous remote execution bug that is rated with a CVS score of 10.0. In essence it allows remote attackers to log into the system software with administrator privileges and take control of all assigned home routers, gateways and other network equipment. The vulnerability was discovered in the web-based graphical user interface of Cisco Prime Home. The reason for its existence is related to a processing error in the role-based access control (RBAC) of the parsed URLs. The criminals can exploit the bug by sending specific API commands via the HTTP protocol to a particular URL without prior authentication. As a result the attackers can execute any action in Cisco Prime Home with administrator privileges.
The vulnerability affects versions from 6.3.0.0 to the first fixed release. Cisco Prime Home administrators can check if their system is vulnerable by following these steps:
- Administrators can verify whether they are running an affected version by opening the Prime Home URL in their browser and checking the Version: line in the login window. If currently logged in, the version information can be viewed in the bottom left of the Prime Home GUI footer, next to the Cisco Prime Home text.
The official advisory description is the following:
Cisco Security Advisory
Cisco Prime Home Authentication Bypass Vulnerability
Critical
Advisory ID: cisco-sa-20170201-prime-home
First Published: 2017 February 1 16:00 GMT
Version 1.0: Final
Workarounds: No workarounds available
Cisco Bug IDs:
CSCvb49837
CVSS Score:
Base 10.0, Temporal 10.0
Base 10.0, Temporal 10.0 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:X/RL:X/RC:X
CVE-2017-3791
CWE-287
Summary
A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator privileges.
The vulnerability is due to a processing error in the role-based access control (RBAC) of URLs. An attacker could exploit this vulnerability by sending API commands via HTTP to a particular URL without prior authentication. An exploit could allow the attacker to perform any actions in Cisco Prime Home with administrator privileges.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Fore more information visit Cisco’s page.
