PatchSiren cyber security CVE debrief

CVE-2017-3791 Cisco CVE debrief

CVE-2017-3791 is a critical authentication bypass in Cisco Prime Home’s web-based GUI. A processing error in role-based access control (RBAC) for URLs can let an unauthenticated remote attacker send HTTP API commands and perform actions with administrator privileges. Cisco reported that software updates address the issue and that no workaround is available.

Vendor: Cisco
Product: CVE-2017-3791
CVSS: CRITICAL 10
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-01
Original CVE updated: 2026-05-13
Advisory published: 2017-02-01
Advisory updated: 2026-05-13

Who should care

Organizations running Cisco Prime Home, especially teams responsible for internet- or network-accessible management interfaces, should treat this as a high-priority administrative access risk. Security, operations, and patch management teams should confirm whether any Cisco Prime Home instance is in scope and whether it is on an affected version.

Technical summary

The vulnerability is described as an authentication bypass caused by a processing error in URL RBAC handling in the web-based GUI. Per the CVE record and Cisco advisory reference, an attacker can submit HTTP API commands to a specific URL without prior authentication and gain administrator-level capabilities. The NVD record lists affected Cisco Prime Home versions 6.3.0.0, 6.3.1.0, 6.4.0.0, 6.4.1.0, 6.4.2.0, and 6.4.2.1, while the CVE description states exposure extends through the first fixed release 6.5.0.1. The recorded CVSS v3.0 vector is AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.

Defensive priority

Critical. This is a network-reachable, unauthenticated path to administrator-level actions with full confidentiality, integrity, and availability impact in the scope of the application. Patch as soon as possible; the source corpus says there are no workarounds.

Recommended defensive actions

Identify whether Cisco Prime Home is deployed and determine the exact version in use.
Prioritize upgrading to a fixed Cisco release referenced by the vendor advisory.
Restrict exposure of the web-based GUI and related API endpoints to trusted management networks until patched.
Review administrative activity and configuration changes on affected systems for signs of unauthorized use.
Monitor Cisco PSIRT and internal asset inventories for any additional guidance or related advisories.

Evidence notes

All claims above are drawn from the supplied CVE/NVD corpus and the linked Cisco advisory reference. The CVE was published on 2017-02-01T19:59:00.220Z. The provided enrichment indicates this issue is not a KEV entry. The source corpus does not include the full text of the Cisco advisory, so the summary relies on the CVE description, NVD metadata, and the advisory reference URL.

Official resources

CVE-2017-3791 CVE record
CVE.org
CVE-2017-3791 NVD detail
NVD
Source item URL
nvd_modified
Mitigation or vendor reference
[email protected] - Third Party Advisory, VDB Entry
Mitigation or vendor reference
[email protected] - Vendor Advisory

Published on 2017-02-01. The supplied enrichment does not mark this issue as a Known Exploited Vulnerability.