Cisco has patched a critical vulnerability in its Cisco Prime Home remote management software. The flaw is in the product s web-based GUI and allows remote attackers to bypass authentication and access subscriber home networks as an administrator. The vulnerability is due to a processing error in the role-based access control (RBAC) of URLs. Cisco said that versions 6.3, 6.4 and 6.5 are vulnerable and administrators should upgrade to version 6.0.1.1. This is the second time since November that Cisco has had to roll out patches for Prime Home.
Source: https://threatpost.com/cisco-patches-authentication-bypass-in-cisco-prime-home/123551/