Session Hijacking Vulnerability in Cisco Integrated Management Controller
CVE-2017-6617
5.4 MEDIUM
Key Information:
- Vendor: Cisco
- CVE Published: 20 April 2017
Summary
A vulnerability in the session management of the Cisco Integrated Management Controller (IMC) web-based GUI could allow an unauthenticated attacker to hijack valid user sessions. The issue arises because the system fails to generate a new session identifier after a user logs in. An attacker who exploits this flaw can use a compromised session identifier to gain unauthorized access to the software. Successful exploitation could let the attacker control the session of an authenticated user, jeopardizing the integrity and security of that user's access.
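The missing step described above (no new session identifier issued at login) can be checked for in any session layer by comparing the identifier before and after authentication. The following is an added illustration, not Cisco IMC code: `SessionStore`, `audit_login_rotation` and the sample user name are hypothetical, constructed for this example.

```python
import secrets


class SessionStore:
    """Constructed in-memory session table: session id -> user (None = anonymous)."""

    def __init__(self, rotate_on_login):
        self.rotate_on_login = rotate_on_login
        self.sessions = {}

    def new_anonymous_session(self):
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = None
        return sid

    def login(self, sid, user):
        if sid not in self.sessions:
            raise KeyError("unknown session id")
        if self.rotate_on_login:
            # Hardened behaviour: retire the pre-login id, issue a fresh one.
            del self.sessions[sid]
            sid = secrets.token_urlsafe(32)
        # Without rotation, the pre-login id is simply promoted to authenticated.
        self.sessions[sid] = user
        return sid

    def whoami(self, sid):
        return self.sessions.get(sid)


def audit_login_rotation(store, user="sample-admin"):
    """Log in once and report whether the pre-login identifier survived."""
    pre = store.new_anonymous_session()
    post = store.login(pre, user)
    return {
        "id_changed": pre != post,
        "pre_login_id_authenticated": store.whoami(pre) is not None,
        "post_login_user": store.whoami(post),
    }


if __name__ == "__main__":
    for rotate in (False, True):
        print("rotate_on_login =", rotate, audit_login_rotation(SessionStore(rotate)))
```

A session layer passes the audit only when `id_changed` is true and `pre_login_id_authenticated` is false; the same before/after comparison applies to the session cookie of a real web GUI.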
Affected Version(s)
Cisco Integrated Management Controller
CVSS V3.1
- Score: 5.4
- Severity: MEDIUM
- Confidentiality: Low
- Integrity: Low
- Availability: Low
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved