Management Archives - ICT News https://www.ict-news.org Information & Communication technology world news Sat, 11 Mar 2017 13:58:54 +0000 en-US hourly 1 https://wordpress.org/?v=5.9.3 https://www.ict-news.org/wp-content/uploads/2018/03/ICT-icon-3.png Management Archives - ICT News https://www.ict-news.org 32 32 Cisco patches critical flaw in Prime Home device management server https://www.ict-news.org/review-3-services-managing-cloud-storage-accounts/ https://www.ict-news.org/review-3-services-managing-cloud-storage-accounts/#respond Fri, 03 Feb 2017 10:44:03 +0000 https://newsroom.ict-hardware.com/?p=7446 The post Cisco patches critical flaw in Prime Home device management server appeared first on ICT News.

]]>

The vulnerability could allow hackers to take over servers used by ISPs to manage subscribers and their gateway devices

Cisco Systems has fixed a critical vulnerability that could allow hackers to take over servers used by telecommunications providers to remotely manage customer equipment such as routers.

The vulnerability affects Cisco Prime Home, an automated configuration server (ACS) that communicates with subscriber devices using the TR-069 protocol. In addition to remotely managing customer equipment, it can also “automatically activate and configure subscribers and deliver advanced services via service packages” over mobile, fiber, cable, and other ISP networks.

“A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator privileges,” Cisco said in its advisory.

Attackers could exploit the vulnerability by sending API commands over HTTP to a particular URL without requiring authentication. The flaw is caused by a processing error in the role-based access control of URLs, Cisco explained.

In the past, security researchers found vulnerabilities in the TR-069 implementation of many routers that could have allowed hackers to remotely take over those devices. However, a vulnerability in an ACS like Cisco Prime Home is much worse, because it can be used to take control of entire groups of subscriber devices at once.

According to Cisco’s documentation, the admin role on the Cisco Prime Home has access to the server’s customer support, administration, and audit functions, as well as the ability to perform bulk operations and access utilities and reports.

The vulnerability affects Cisco Prime Home versions 6.3.0.0 and above. Customers are advised to migrate to the latest, fixed version: 6.5.0.1.

The company has also warned customers of a medium-risk URL redirect vulnerability in the Cisco Prime Service Catalog, a product that allows companies to set up self-service portals, provide IT service catalogs for data center and application services, and manage service requests.

An attacker could exploit the vulnerability to redirect a user logged into the Cisco Prime Service Catalog to a phishing site in order to steal their credentials.

By , source by ComputerWorld

Visit ICT Hardware to get more info about Cisco Products

The post Cisco patches critical flaw in Prime Home device management server appeared first on ICT News.

]]> https://www.ict-news.org/review-3-services-managing-cloud-storage-accounts/feed/ 0