You are here
Home > Preporuke > Ranjivost Cisco Prime Home platforme

Ranjivost Cisco Prime Home platforme

by ncert - 0
  • Detalji os-a: WN7
  • Važnost: URG
  • Operativni sustavi: L
  • Kategorije: CIS

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco Prime Home Authentication Bypass Vulnerability

Advisory ID: cisco-sa-20161102-cph

Revision 1.0

For Public Release 2016 November 2 16:00 UTC (GMT)

+———————————————————————

Summary
=======

A vulnerability in the web-based graphical user interface (GUI) of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges.

The vulnerability is due to a processing error in the role-based access control (RBAC) of URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request to a particular URL. An exploit
could allow the attacker to obtain a valid session identifier for an arbitrary user, which would allow the attacker to perform any actions in Cisco Prime Home for which that user is authorized – including users
with administrator privileges.

Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cph
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.5 (SunOS)

iQIVAwUBWBoUuq89gD3EAJB5AQKpghAAqO51AV155QF6Sj3wfDwQyy5DOCUbnzJT
OSkWF9NDsXB9GBEtAD9Vtm9peenvpbuqbT8k1WvDUo3+5NVyRht+u7kUjriEEfat
H5DfYqVAqgaSh45rHfl7zjINRa0dWdVFFA0HZOVkMrLjZ7y86DmCED3JDnXeucEF
nsbE/m+eMw++Qizgz0KRCedIwSBYwfAtibbr8E4Ch2t2SeDBXcHAXwboc1YgfjOS
hopqKwVnb947QcWKAPBtBKWO9L7LAFxSiTMypnR+wVDlmDkUFX6veH3bUDYCSJaX
W1/yxfGkMygyfozq5lDBl6KJH6v8uITAvBNr0G4Ffr/hIgoOhj8YcKQYDHvCdY0p
lfdmtE43zMgmVn50dPujpkbqwMoARpAKwBvKAXe3EnqR4mgEWg0QpX0Z7kF2Y9XG
J1XJyKYcDlS20tkxX7EJ7i85ik673lSI+OJEgoHOtkwyjaZQ/didLQRYzWtooEzS
PB07Ln+oUkiT2U0pwLpKeiDMBeCajMQOLbOiih7Y6NbgH9UuHvOr7WNZiGsaeasl
GUb9sANXyAp2gEm2dZ2hNdWMTmn3U4K/l2w1fBGtAU5MzpzHWsSwDrznxZzuMScy
E6yrGJHs4IF6jNoKPvzdjO7v3FV5QQ6JatbWh8FU+9TkC+rQFQ2ZQSpnA0eys6yt
ZddiKw1knKQ=
=Dqez
—–END PGP SIGNATURE—–
_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com

AutorTomislav Protega
Cert idNCERT-REF-2016-11-0059-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
ncert
Top
More in Preporuke
Ranjivost Cisco Meeting Server i Meeting App proizvoda

Otkrivena je ranjivost u Cisco Meeting Server and Meeting App proizvodima uzrokovana nedostatnom provjerom graničnih vrijednosti unesenih korisničkih podataka. Potencijalni...

Close