Cisco patches critical flaw in Prime Home device management server

Cisco Systems has fixed a critical vulnerability that could allow hackers to take over servers used by telecommunications providers to remotely manage customer equipment such as routers.

The vulnerability affects Cisco Prime Home, an automated configuration server (ACS) that communicates with subscriber devices using the TR-069 protocol. In addition to remotely managing customer equipment, it can also “automatically activate and configure subscribers and deliver advanced services via service packages” over mobile, fiber, cable, and other ISP networks.

“A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator privileges,” Cisco said in its advisory.

To read this article in full or to leave a comment, please click here

Read more: Cisco patches critical flaw in Prime Home device management server

Story added 2. February 2017, content source with full text you can find at link above.