Session Fixation Vulnerability in Cisco Prime LAN Management Solution
CVE-2017-12225

6.5 MEDIUM

Key Information:

Vendor: Cisco
CVE Published: 7 September 2017

Summary

A flaw in the web functionality of the Cisco Prime LAN Management Solution allows an authenticated attacker to hijack another user's administrative session. This session fixation vulnerability stems from the reuse of a preauthentication session token in the postauthentication session. By exploiting this weakness, an attacker can obtain the presession token ID and use it to take control of an existing user's session. Administrators using affected versions should implement proper security measures to mitigate this risk.
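The token reuse described above, reduced to a minimal model with the corrected login beside it. This is an added example, not code from Cisco or from this advisory; `SessionStore` and its method names are hypothetical.

```python
import secrets


class SessionStore:
    """Hypothetical in-memory session table: session ID -> user (None = anonymous)."""

    def __init__(self):
        self.sessions = {}

    def new_anonymous(self):
        # ID handed out before the user has authenticated
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = None
        return sid

    def login_vulnerable(self, sid, user):
        # Flawed pattern: the preauthentication ID is kept and merely
        # promoted, so anyone who knew it before login shares the session.
        self.sessions[sid] = user
        return sid

    def login_hardened(self, sid, user):
        # Fix: invalidate the preauthentication ID and issue a fresh one
        # that only the authenticating client receives.
        self.sessions.pop(sid, None)
        new_sid = secrets.token_urlsafe(32)
        self.sessions[new_sid] = user
        return new_sid

    def whoami(self, sid):
        return self.sessions.get(sid)


def preauth_id_survives_login(login):
    """Regression check: True if the ID issued before login is still
    accepted as an authenticated session after login."""
    store = SessionStore()
    pre = store.new_anonymous()
    post = login(store, pre, "admin")  # "admin" is a constructed sample user
    return post == pre or store.whoami(pre) is not None


if __name__ == "__main__":
    print("vulnerable:", preauth_id_survives_login(SessionStore.login_vulnerable))
    print("hardened:  ", preauth_id_survives_login(SessionStore.login_hardened))
```

The same check can be run against a real application by comparing the session cookie value before and after a successful login.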

Affected Version(s)

Cisco Prime LAN Management Solution

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
