PT-2017-3141 · Cisco · Cisco Prime Home

Published 2017-02-01 · Updated 2019-10-09 · CVE-2017-3791

CVSS v3.1

10 Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Cisco Prime Home versions 6.3.0.0 through 6.5.0.0

Description

A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator privileges. The issue is due to a processing error in the role-based access control (RBAC) of URLs. An attacker could exploit this by sending API commands via HTTP to a particular URL without prior authentication, allowing them to perform any actions in Cisco Prime Home with administrator privileges.

Recommendations

For Cisco Prime Home versions 6.3.0.0 through 6.5.0.0, update to version 6.5.0.1 or later, as Cisco has released software updates that address this issue. At the moment, there are no workarounds that address this vulnerability.

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

BDU:2017-02544
CVE-2017-3791

Affected Products

Cisco Prime Home