NVD

Id
81594  
Name
CVE-2017-3791  
Description
A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator privileges. The vulnerability is due to a processing error in the role-based access control (RBAC) of URLs. An attacker could exploit this vulnerability by sending API commands via HTTP to a particular URL without prior authentication. An exploit could allow the attacker to perform any actions in Cisco Prime Home with administrator privileges. This vulnerability affects Cisco Prime Home versions from 6.3.0.0 to the first fixed release 6.5.0.1. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Bug IDs: CSCvb49837.  
Reject
 
CVSS Version
2  
CVSS Score
10  
Severity
High  
CVSS Base Score
10  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:C/I:C/A:C)  
Pub Date
2017-02-07  
Published
2017-02-01  
Modified Date
2017-02-05  
Seq
2017-3791  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
404640 81594 CVE-2017-3372 http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html  View
404641 81594 CVE-2017-3372 95597  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
65013 JVNDB-2017-001400 Cisco Prime Home の Web ベースの GUI における認証を回避される脆弱性 Cisco Prime Home の Web ベースの GUI は、URL のロールベースアクセス制御 (RBAC) のプロセスエラーに関する処理に不備があるため、認証を回避され、管理者権限でアクションを実行される脆弱性が存在します。 CVE-2017-3791 CVE-2017-3791 81594 10 10 http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-001400.html 2017-02-01 2017-02-10 View