Vulnerability-Lookup

CVE-2017-3791 (GCVE-0-2017-3791)

Vulnerability from cvelistv5 – Published: 2017-02-01 19:00 – Updated: 2024-08-05 14:39

Summary

A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator privileges. The vulnerability is due to a processing error in the role-based access control (RBAC) of URLs. An attacker could exploit this vulnerability by sending API commands via HTTP to a particular URL without prior authentication. An exploit could allow the attacker to perform any actions in Cisco Prime Home with administrator privileges. This vulnerability affects Cisco Prime Home versions from 6.3.0.0 to the first fixed release 6.5.0.1. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Bug IDs: CSCvb49837.

Severity ?

No CVSS data available.

CWE

CWE-287

Assigner

cisco

References

URL

	Vendor	Product	Version
	n/a	Cisco Prime Home versions from 6.3.0.0 to the first fixed release 6.5.0.1	Affected: Cisco Prime Home versions from 6.3.0.0 to the first fixed release 6.5.0.1

CERTFR-2017-AVI-038

Vulnerability from certfr_avis - Published: 2017-02-01 - Updated: 2017-02-01

Une vulnérabilité a été corrigée dans Cisco Prime Home. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Cisco Prime Home versions postérieures à 6.3.0.0 sans le dernier correctif de sécurité

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

CNVD-2017-01296

Vulnerability from cnvd - Published: 2017-02-14

Title

Cisco Prime Home身份验证绕过漏洞（CNVD-2017-01296）

Description

Cisco Prime Home是美国思科（Cisco）公司的一套基于标准的远程管理和配置解决方案。该方案提供家庭连接设备的统一视图的可视性、降低家庭网络运营成本和提高了用户体验等功能。 Cisco Prime Home存在身份验证绕过漏洞。攻击者可利用此漏洞绕过身份验证机制并执行未授权的操作，导致进一步攻击。

Severity

高

Patch Name

Cisco Prime Home身份验证绕过漏洞（CNVD-2017-01296）的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-prime-home

Reference

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-prime-home

Impacted products

Name
['Cisco Prime Home 6.4', 'Cisco Prime Home 6.3', 'Cisco Prime Home 6.5']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "95933"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-3791",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3791"
    }
  },
  "description": "Cisco Prime Home\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957\u57fa\u4e8e\u6807\u51c6\u7684\u8fdc\u7a0b\u7ba1\u7406\u548c\u914d\u7f6e\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u63d0\u4f9b\u5bb6\u5ead\u8fde\u63a5\u8bbe\u5907\u7684\u7edf\u4e00\u89c6\u56fe\u7684\u53ef\u89c6\u6027\u3001\u964d\u4f4e\u5bb6\u5ead\u7f51\u7edc\u8fd0\u8425\u6210\u672c\u548c\u63d0\u9ad8\u4e86\u7528\u6237\u4f53\u9a8c\u7b49\u529f\u80fd\u3002\r\n\r\nCisco Prime Home\u5b58\u5728\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u7ed5\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u673a\u5236\u5e76\u6267\u884c\u672a\u6388\u6743\u7684\u64cd\u4f5c\uff0c\u5bfc\u81f4\u8fdb\u4e00\u6b65\u653b\u51fb\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-prime-home",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-01296",
  "openTime": "2017-02-14",
  "patchDescription": "Cisco Prime Home\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957\u57fa\u4e8e\u6807\u51c6\u7684\u8fdc\u7a0b\u7ba1\u7406\u548c\u914d\u7f6e\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u63d0\u4f9b\u5bb6\u5ead\u8fde\u63a5\u8bbe\u5907\u7684\u7edf\u4e00\u89c6\u56fe\u7684\u53ef\u89c6\u6027\u3001\u964d\u4f4e\u5bb6\u5ead\u7f51\u7edc\u8fd0\u8425\u6210\u672c\u548c\u63d0\u9ad8\u4e86\u7528\u6237\u4f53\u9a8c\u7b49\u529f\u80fd\u3002\r\n\r\nCisco Prime Home\u5b58\u5728\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u7ed5\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u673a\u5236\u5e76\u6267\u884c\u672a\u6388\u6743\u7684\u64cd\u4f5c\uff0c\u5bfc\u81f4\u8fdb\u4e00\u6b65\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Prime Home\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\uff08CNVD-2017-01296\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco Prime Home 6.4",
      "Cisco Prime Home  6.3",
      "Cisco Prime Home 6.5"
    ]
  },
  "referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-prime-home",
  "serverity": "\u9ad8",
  "submitTime": "2017-02-08",
  "title": "Cisco Prime Home\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\uff08CNVD-2017-01296\uff09"
}

GHSA-F8FF-PGCP-3FR6

Vulnerability from github – Published: 2022-05-13 01:36 – Updated: 2022-05-13 01:36

Details

Severity ?

10.0 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-3791"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-02-01T19:59:00Z",
    "severity": "CRITICAL"
  },
  "details": "A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator privileges. The vulnerability is due to a processing error in the role-based access control (RBAC) of URLs. An attacker could exploit this vulnerability by sending API commands via HTTP to a particular URL without prior authentication. An exploit could allow the attacker to perform any actions in Cisco Prime Home with administrator privileges. This vulnerability affects Cisco Prime Home versions from 6.3.0.0 to the first fixed release 6.5.0.1. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Bug IDs: CSCvb49837.",
  "id": "GHSA-f8ff-pgcp-3fr6",
  "modified": "2022-05-13T01:36:41Z",
  "published": "2022-05-13T01:36:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3791"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-prime-home"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/95933"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2017-3791

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-3791

Aliases

CVE-2017-3791

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-3791",
    "description": "A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator privileges. The vulnerability is due to a processing error in the role-based access control (RBAC) of URLs. An attacker could exploit this vulnerability by sending API commands via HTTP to a particular URL without prior authentication. An exploit could allow the attacker to perform any actions in Cisco Prime Home with administrator privileges. This vulnerability affects Cisco Prime Home versions from 6.3.0.0 to the first fixed release 6.5.0.1. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Bug IDs: CSCvb49837.",
    "id": "GSD-2017-3791"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-3791"
      ],
      "details": "A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator privileges. The vulnerability is due to a processing error in the role-based access control (RBAC) of URLs. An attacker could exploit this vulnerability by sending API commands via HTTP to a particular URL without prior authentication. An exploit could allow the attacker to perform any actions in Cisco Prime Home with administrator privileges. This vulnerability affects Cisco Prime Home versions from 6.3.0.0 to the first fixed release 6.5.0.1. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Bug IDs: CSCvb49837.",
      "id": "GSD-2017-3791",
      "modified": "2023-12-13T01:21:16.596387Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2017-3791",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cisco Prime Home versions from 6.3.0.0 to the first fixed release 6.5.0.1",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Cisco Prime Home versions from 6.3.0.0 to the first fixed release 6.5.0.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator privileges. The vulnerability is due to a processing error in the role-based access control (RBAC) of URLs. An attacker could exploit this vulnerability by sending API commands via HTTP to a particular URL without prior authentication. An exploit could allow the attacker to perform any actions in Cisco Prime Home with administrator privileges. This vulnerability affects Cisco Prime Home versions from 6.3.0.0 to the first fixed release 6.5.0.1. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Bug IDs: CSCvb49837."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-287"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-prime-home",
            "refsource": "CONFIRM",
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-prime-home"
          },
          {
            "name": "95933",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/95933"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:cisco_prime_home:6.4.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:cisco_prime_home:6.4.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:cisco_prime_home:6.4.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:cisco_prime_home:6.4.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:cisco_prime_home:6.3.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:cisco_prime_home:6.3.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-3791"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator privileges. The vulnerability is due to a processing error in the role-based access control (RBAC) of URLs. An attacker could exploit this vulnerability by sending API commands via HTTP to a particular URL without prior authentication. An exploit could allow the attacker to perform any actions in Cisco Prime Home with administrator privileges. This vulnerability affects Cisco Prime Home versions from 6.3.0.0 to the first fixed release 6.5.0.1. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Bug IDs: CSCvb49837."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-prime-home",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-prime-home"
            },
            {
              "name": "95933",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/95933"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.0
        }
      },
      "lastModifiedDate": "2019-10-09T23:27Z",
      "publishedDate": "2017-02-01T19:59Z"
    }
  }
}

FKIE_CVE-2017-3791

Vulnerability from fkie_nvd - Published: 2017-02-01 19:59 - Updated: 2025-04-20 01:37

Severity ?

10.0 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Summary

References

URL	Tags
psirt@cisco.com	http://www.securityfocus.com/bid/95933	Third Party Advisory, VDB Entry
psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-prime-home	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/95933	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-prime-home	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	cisco_prime_home	6.3.0.0
cisco	cisco_prime_home	6.3.1.0
cisco	cisco_prime_home	6.4.0.0
cisco	cisco_prime_home	6.4.1.0
cisco	cisco_prime_home	6.4.2.0
cisco	cisco_prime_home	6.4.2.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:cisco_prime_home:6.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "25479501-2E86-431C-8668-839C05ADE5B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:cisco_prime_home:6.3.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDC23815-EB9C-4391-821A-9016EE5643BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:cisco_prime_home:6.4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB4EE5C1-9915-40FD-AA62-499CD4FB6ADD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:cisco_prime_home:6.4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6386283D-8F12-44F3-9B3A-8B0928C5A84D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:cisco_prime_home:6.4.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0AD4C40-D2CF-4EEA-9512-A5D4A1E4F316",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:cisco_prime_home:6.4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F00F45E7-72B8-494B-A193-D1BB6F877376",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator privileges. The vulnerability is due to a processing error in the role-based access control (RBAC) of URLs. An attacker could exploit this vulnerability by sending API commands via HTTP to a particular URL without prior authentication. An exploit could allow the attacker to perform any actions in Cisco Prime Home with administrator privileges. This vulnerability affects Cisco Prime Home versions from 6.3.0.0 to the first fixed release 6.5.0.1. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Bug IDs: CSCvb49837."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la GUI basada en web de Cisco Prime Home podr\u00edan permitir a un atacante remoto no autenticado eludir la autenticaci\u00f3n y ejecutar acciones con privilegios de administrador. La vulnerabilidad se debe a un error de procesamiento en el control de acceso basado en funciones (RBAC) de las URL. Un atacante podr\u00eda explotar esta vulnerabilidad enviando comandos de la API a trav\u00e9s de HTTP a una URL determinada sin autenticaci\u00f3n previa. Un exploit podr\u00eda permitir al atacante realizar cualquier acci\u00f3n en Cisco Prime Home con privilegios de administrador. Esta vulnerabilidad afecta a las versiones de Cisco Prime Home desde la versi\u00f3n 6.3.0.0 hasta la primera versi\u00f3n fija 6.5.0.1. Cisco ha lanzado actualizaciones de software que abordan esta vulnerabilidad. No existen soluciones provisionales que aborden esta vulnerabilidad. ID de errores de Cisco: CSCvb49837."
    }
  ],
  "id": "CVE-2017-3791",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-02-01T19:59:00.220",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95933"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-prime-home"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95933"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-prime-home"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-201702-0815

Vulnerability from variot - Updated: 2025-04-20 23:27

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201702-0815",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "prime home",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "cisco",
        "version": "6.3.0.0"
      },
      {
        "model": "prime home",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "cisco",
        "version": "6.3.1.0"
      },
      {
        "model": "prime home",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "cisco",
        "version": "6.4.0.0"
      },
      {
        "model": "prime home",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "cisco",
        "version": "6.4.1.0"
      },
      {
        "model": "prime home",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "cisco",
        "version": "6.4.2.0"
      },
      {
        "model": "prime home",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "cisco",
        "version": "6.4.2.1"
      },
      {
        "model": "prime home",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.5"
      },
      {
        "model": "prime home",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.4"
      },
      {
        "model": "prime home",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.3"
      },
      {
        "model": "prime home",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "6.5.0.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "95933"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001400"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-067"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3791"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:cisco:prime_home",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001400"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "95933"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-3791",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2017-3791",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-111994",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2017-3791",
            "impactScore": 6.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-3791",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-3791",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201702-067",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-111994",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-3791",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-111994"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-3791"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001400"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-067"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3791"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator privileges. The vulnerability is due to a processing error in the role-based access control (RBAC) of URLs. An attacker could exploit this vulnerability by sending API commands via HTTP to a particular URL without prior authentication. An exploit could allow the attacker to perform any actions in Cisco Prime Home with administrator privileges. This vulnerability affects Cisco Prime Home versions from 6.3.0.0 to the first fixed release 6.5.0.1. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Bug IDs: CSCvb49837. This may lead to further attacks. The solution provides visibility into a unified view of connected devices in the home, reduces home network operating costs and improves user experience, among other features. web-based GUI is one of the web-based graphical user interface components",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-3791"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001400"
      },
      {
        "db": "BID",
        "id": "95933"
      },
      {
        "db": "VULHUB",
        "id": "VHN-111994"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-3791"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-3791",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "95933",
        "trust": 2.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001400",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-067",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-111994",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-3791",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-111994"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-3791"
      },
      {
        "db": "BID",
        "id": "95933"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001400"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-067"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3791"
      }
    ]
  },
  "id": "VAR-201702-0815",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-111994"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-20T23:27:27.948000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20170201-prime-home",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-prime-home"
      },
      {
        "title": "Cisco Prime Home Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67453"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2017/02/01/cisco_remote_access_hole_in_prime_home/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-3791"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001400"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-067"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-111994"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001400"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3791"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170201-prime-home"
      },
      {
        "trust": 1.9,
        "url": "http://www.securityfocus.com/bid/95933"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3791"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-3791"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/287.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.theregister.co.uk/2017/02/01/cisco_remote_access_hole_in_prime_home/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-111994"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-3791"
      },
      {
        "db": "BID",
        "id": "95933"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001400"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-067"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3791"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-111994"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-3791"
      },
      {
        "db": "BID",
        "id": "95933"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001400"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-067"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3791"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-02-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-111994"
      },
      {
        "date": "2017-02-01T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-3791"
      },
      {
        "date": "2017-02-01T00:00:00",
        "db": "BID",
        "id": "95933"
      },
      {
        "date": "2017-02-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-001400"
      },
      {
        "date": "2017-02-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-067"
      },
      {
        "date": "2017-02-01T19:59:00.220000",
        "db": "NVD",
        "id": "CVE-2017-3791"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-111994"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-3791"
      },
      {
        "date": "2017-02-02T00:09:00",
        "db": "BID",
        "id": "95933"
      },
      {
        "date": "2017-02-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-001400"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-067"
      },
      {
        "date": "2025-04-20T01:37:25.860000",
        "db": "NVD",
        "id": "CVE-2017-3791"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-067"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Prime Home of  Web Base of  GUI Vulnerabilities that bypass authentication",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-001400"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-067"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-3791 (GCVE-0-2017-3791)

CERTFR-2017-AVI-038

Solution

CNVD-2017-01296

GHSA-F8FF-PGCP-3FR6

GSD-2017-3791

FKIE_CVE-2017-3791

VAR-201702-0815

Tags

Sightings

Nomenclature