Web Application Session Hijacking Vulnerability in Cisco Prime Collaboration Provisioning Tool
CVE-2017-6703

5.9MEDIUM

Key Information:

Vendor
Cisco
Status
Cisco Prime Collaboration Provisioning Tool
Vendor
CVE Published:
4 July 2017

Summary

A vulnerability exists within the web application of the Cisco Prime Collaboration Provisioning tool, allowing an unauthenticated remote attacker to potentially hijack a session of another user. This could lead to unauthorized actions being taken on behalf of the attacked user, posing security risks to sensitive data and user configurations.

Affected Version(s)

Cisco Prime Collaboration Provisioning Tool Cisco Prime Collaboration Provisioning Tool

References

http://www.securitytracker.com/id/1038744
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/99224
vdb-entryx_refsource_BID
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.