The critical vulnerability lets hackers target the Cisco Prime Home automated configuration server that communicates with customer equipment, according to the company’s advisory.
“A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator privileges,” the advisory said. Versions 6.3.0.0 and above of Cisco Prime Home are affected by the flaw.
If exploited, the vulnerability could ultimately be used to redirect users logged into the Cisco Prime Service Catalog to a phishing site that swipes their credentials, according to a full report on the flaw by CSO Online.