Date: 2017-02-02
Cisco Patches 'Prime Home' Flaw That Allowed Hackers To Reach Into People's Homes (helpnetsecurity.com)
Orome1 quotes a report from Help Net Security: Cisco has patched a critical authentication bypass vulnerability that could allow attackers to completely take over Cisco Prime Home installations, and through them mess with subscribers' home network and devices. The vulnerability (CVE-2017-3791), found internally by Cisco security testers, affects the platform's web-based GUI, and can be exploited by remote attackers to bypass authentication and execute any action in Cisco Prime Home with administrator privileges. No user interaction is needed for the exploit to work, and exploitation couldn't be simpler: an attacker just needs to send API commands via HTTP to a particular URL. The bug exists in versions 6.4 and later of Cisco Prime Home, but does not affect versions 5.2 and earlier. "Administrators can verify whether they are running an affected version by opening the Prime Home URL in their browser and checking the Version: line in the login window. If currently logged in, the version information can be viewed in the bottom left of the Prime Home GUI footer, next to the Cisco Prime Home text," Cisco instructed in the security advisory.
So much for Cisco being more secure... (Score:2)
So are they more secure than the next guy? Not really, they have bugs too (not to mention they designed a lot of the really scary protocols running around the net that sacrifice security all the time).
I guess you can give them kudos for finding an issue then fixing it too... Just don't try to find the updated firmware for that old router you have w/o a service contract..
