lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-id: <201702011112.6.prime@psirt.cisco.com>
Date: Wed,  1 Feb 2017 11:12:28 -0500
From: Cisco Systems Product Security Incident Response Team <psirt@...co.com>
To: bugtraq@...urityfocus.com
Cc: psirt@...co.com
Subject: Cisco Security Advisory: Cisco Prime Home Authentication Bypass Vulnerability 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco Prime Home Authentication Bypass Vulnerability

Advisory ID: cisco-sa-20170201-prime-home

Revision 1.0

For Public Release 2017 February 1 16:00  UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, 
remote attacker to bypass authentication and execute actions with administrator privileges.
 
The vulnerability is due to a processing error in the role-based access control (RBAC) of 
URLs. An attacker could exploit this vulnerability by sending API commands via HTTP to a 
particular URL without prior authentication. An exploit could allow the attacker to perform 
any actions in Cisco Prime Home with administrator privileges.

Cisco has released software updates that address this vulnerability. There are no workarounds 
that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-prime-home
-----BEGIN PGP SIGNATURE-----

iQIVAwUBWJHyOa89gD3EAJB5AQIIsBAAzigHM2b3CTJ8/YbZyE4MF70eF0rWHN6o
pTOK5kZkKgdqAVruuApy7SRf/VzEN+DzifId1oYiWG0bTHjUcxV3hXq59IN4tHbD
8o5TUwc4rqRME/MS3bts3NeCl+xBvyu/uCuDWJK5ENOA29aMMe7kifJlmgyFhX3Y
ywSqS+6g5YdTi7MDEgId7wZRXFKBpMimU4vhEdnaytxmQGtCIi6UGeO673bUUBDA
fhU9RYktiJISwOP4l06Q+oMcbU5Kw3A89OMmRiSnBe34piDLhUHcSW5UFgUfvU5l
b50XuomRS5h/dteP+A+SexFai1szYt4v+Vv5XF5R4Z1BefmFSqcobSuu1/BrMTuD
kBoQqZhe92SHhDs7MVqRL12uT4v/h/saAvEZy7EO483rZcSIzURFkwg5Ft8vsK02
3h1H+AmeYjedI03cfAxsd8NJ8EbgHeLwXOLgTNfiVS5jIv9vrB8gNey7yoXi6iOj
mFo+pOysoMI66R1rtkgDQm2vLVqOI0+xUlPa8P94N5MWKF8rFsa9bJkXR0/kaotD
EHI11ZaQIsP/E2OCK7MHymnmbkNl42bWghLIMXDVmlJ79oyMcjcCQAU1DaTJAu0l
j03VX9FOqLmSwX3vslCUY7Tdgp64I5yTTUZ0n3bP9/0K5D0ISt9XaQwP+4/BwDAG
fZECne7i/l8=
=3ql4
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ