CVE-2017-12225

6.5MEDIUM

Key Information:

Vendor
Cisco
Status
Cisco Prime Lan Management Solution
Vendor
CVE Published:
7 September 2017

Summary

A vulnerability in the web functionality of the Cisco Prime LAN Management Solution could allow an authenticated, remote attacker to hijack another user's administrative session, aka a Session Fixation Vulnerability. The vulnerability is due to the reuse of a preauthentication session token as part of the postauthentication session. An attacker could exploit this vulnerability by obtaining the presession token ID. An exploit could allow an attacker to hijack an existing user's session. Known Affected Releases 4.2(5). Cisco Bug IDs: CSCvf58392.

Affected Version(s)

Cisco Prime LAN Management Solution Cisco Prime LAN Management Solution

References

http://www.securitytracker.com/id/1039285
vdb-entryx_refsource_SECTRACK
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM
https://quickview.cloudapps.cisco.com/quickview/bug/CSCvf...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.