CVE-2016-6452
published 2016-11-03CVE-2016-6452: A vulnerability in the web-based graphical user interface (GUI) of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication…
PriorityP265critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
2.70%
84.1th percentile
A vulnerability in the web-based graphical user interface (GUI) of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. Cisco Prime Home versions 5.1.1.6 and earlier and 5.2.2.2 and earlier have been confirmed to be vulnerable. Cisco Prime Home versions 6.0 and later are not vulnerable. More Information: CSCvb71732. Known Affected Releases: 5.0 5.0(1) 5.0(1.1) 5.0(1.2) 5.0(2) 5.15.1(0) 5.1(1) 5.1(1.3) 5.1(1.4) 5.1(1.5) 5.1(1.6) 5.1(2) 5.1(2.1) 5.1(2.3) 5.25.2(0.1) 5.2(1.0) 5.2(1.2) 5.2(2.0) 5.2(2.1) 5.2(2.2).
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | prime_home | — | — |
| cisco | prime_home | — | — |
| cisco | prime_home | — | — |
| cisco | prime_home | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →The vulnerability is triggered by sending a crafted HTTP request to a particular URL in the Cisco Prime Home web GUI, exploiting a processing error in RBAC URL handling to obtain a valid session identifier for an arbitrary user. ↗
- →The root cause is a processing error in role-based access control (RBAC) of URLs; detection should focus on unauthenticated requests to privileged/admin URLs in Cisco Prime Home that result in valid session token issuance. ↗
- →The vulnerability allows unauthenticated remote attackers to gain full administrator privileges; monitor for session identifiers being issued to unauthenticated or anonymous HTTP requests against Cisco Prime Home. ↗
- ·Affected versions are Cisco Prime Home 5.1.1.6 and earlier and 5.2.2.2 and earlier; version 6.0 and later are NOT vulnerable. Ensure patching to 6.0+ to remediate. ↗
- ·No workarounds are available for this vulnerability; software update is the only mitigation. ↗
- ·Cisco internal bug tracker reference for this vulnerability is CSCvb71732. ↗
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_cisco10.0CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-cq4x-jvjg-rq7m: A vulnerability in the web-based graphical user interface (GUI) of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authenti
ghsa_unreviewed·2022-05-17
CVE-2016-6452 [CRITICAL] CWE-287 GHSA-cq4x-jvjg-rq7m: A vulnerability in the web-based graphical user interface (GUI) of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authenti
A vulnerability in the web-based graphical user interface (GUI) of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. Cisco Prime Home versions 5.1.1.6 and earlier and 5.2.2.2 and earlier have been confirmed to be vulnerable. Cisco Prime Home versions 6.0 and later are not vulnerable. More Information: CSCvb71732. Known Affected Releases: 5.0 5.0(1) 5.0(1.1) 5.0(1.2) 5.0(2) 5.15.1(0) 5.1(1) 5.1(1.3) 5.1(1.4) 5.1(1.5) 5.1(1.6) 5.1(2) 5.1(2.1) 5.1(2.3) 5.25.2(0.1) 5.2(1.0) 5.2(1.2) 5.2(2.0) 5.2(2.1) 5.2(2.2).
Cisco
Cisco Prime Home Authentication Bypass Vulnerability
vendor_cisco·2016-11-02·CVSS 10.0
CVE-2016-6452 [CRITICAL] CWE-287 Cisco Prime Home Authentication Bypass Vulnerability
Cisco Prime Home Authentication Bypass Vulnerability
A vulnerability in the web-based graphical user interface (GUI) of Cisco Prime
Home could allow an unauthenticated, remote attacker to bypass
authentication. The attacker could be granted full administrator privileges.
The
vulnerability is due to a processing error in the role-based access control (RBAC) of URLs. An attacker could exploit this vulnerability by sending
a crafted HTTP request to a particular URL. An exploit could allow
the attacker to obtain a valid session identifier for an arbitrary user, which
would allow the attacker to perform any actions in Cisco Prime Home for
which that user is authorized—including users with administrator privileges.
Cisco has released software updates that address this vulnerability. Workaroun
Cisco
Cisco Prime Home Authentication Bypass Vulnerability
vendor_cisco
CVE-2016-6452 Cisco Prime Home Authentication Bypass Vulnerability
CVE-2016-6452: Cisco Prime Home Authentication Bypass Vulnerability
A vulnerability in the web-based graphical user interface (GUI) of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. The vulnerability is due to a processing error in the role-based access control (RBAC) of URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request to a particular URL. An exploit could allow the attacker to obtain a valid session identifier for an arbitrary user, which would allow the attacker to perform any actions in Cisco Prime Home for which that user is authorized-including users with administrator privileges. Cisco has released software updates that address this vulnerabilit
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2016-11-03
Published