ID: CVE-2017-6617
Type: cve
Reporter: cve@mitre.org
Modified: 2019-10-09T23:28:00
Description
A vulnerability in the session identification management functionality of the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. The vulnerability exists because the affected software does not assign a new session identifier to a user session when a user authenticates to the web-based GUI. An attacker could exploit this vulnerability by using a hijacked session identifier to connect to the software through the web-based GUI. A successful exploit could allow the attacker to hijack an authenticated user's browser session on the affected system. Cisco Bug IDs: CSCvd14583.
{"id": "CVE-2017-6617", "bulletinFamily": "NVD", "title": "CVE-2017-6617", "description": "A vulnerability in the session identification management functionality of the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. The vulnerability exists because the affected software does not assign a new session identifier to a user session when a user authenticates to the web-based GUI. An attacker could exploit this vulnerability by using a hijacked session identifier to connect to the software through the web-based GUI. A successful exploit could allow the attacker to hijack an authenticated user's browser session on the affected system. Cisco Bug IDs: CSCvd14583.", "published": "2017-04-20T22:59:00", "modified": "2019-10-09T23:28:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6617", "reporter": "cve@mitre.org", "references": ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc2", "http://www.securityfocus.com/bid/97929"], "cvelist": ["CVE-2017-6617"], "type": "cve", "lastseen": "2021-02-02T06:36:48", "edition": 5, "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310106773"]}, {"type": "nessus", "idList": ["CISCO-SA-20170419-CIMC2-UNIFIED_COMPUTING_SYSTEM.NASL"]}, {"type": "cisco", "idList": ["CISCO-SA-20170419-CIMC2"]}], "modified": "2021-02-02T06:36:48", "rev": 2}, "score": {"value": 5.7, "vector": "NONE", "modified": "2021-02-02T06:36:48", "rev": 2}, "vulnersScore": 5.7}, "cpe": ["cpe:/a:cisco:integrated_management_controller_supervisor:3.0\\(1c\\)"], "affectedSoftware": [{"cpeName": "cisco:integrated_management_controller_supervisor", "name": "cisco integrated management controller supervisor", "operator": "eq", "version": "3.0\\(1c\\)"}], "cvss2": 
{"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.5}, "cpe23": ["cpe:2.3:a:cisco:integrated_management_controller_supervisor:3.0\\(1c\\):*:*:*:*:*:*:*"], "cwe": ["CWE-287"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:cisco:integrated_management_controller_supervisor:3.0\\(1c\\):*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "97929", "refsource": "BID", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/97929"}, {"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc2", "refsource": "CONFIRM", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc2"}]}
{"openvas": [{"lastseen": "2019-05-29T18:34:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-6617"], "description": "A vulnerability in the session identification management functionality of\nthe web-based GUI of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker\nto hijack a valid user session on an affected system.", "modified": "2018-10-26T00:00:00", "published": "2017-04-20T00:00:00", "id": "OPENVAS:1361412562310106773", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310106773", "type": "openvas", "title": "Cisco Integrated Management Controller User Session Hijacking Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_cisco_imc_cisco-sa-20170419-cimc2.nasl 12106 2018-10-26 06:33:36Z cfischer $\n#\n# Cisco Integrated Management Controller User Session Hijacking Vulnerability\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:cisco:integrated_management_controller\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.106773\");\n script_cve_id(\"CVE-2017-6617\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_version(\"$Revision: 12106 $\");\n\n script_name(\"Cisco Integrated Management Controller User Session Hijacking Vulnerability\");\n\n script_xref(name:\"URL\", value:\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc2\");\n\n script_tag(name:\"summary\", value:\"A vulnerability in the session identification management functionality of\nthe web-based GUI of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker\nto hijack a valid user session on an affected system.\");\n\n script_tag(name:\"insight\", value:\"The vulnerability exists because the affected software does not assign a\nnew session identifier to a user session when a user authenticates to the web-based GUI. 
An attacker could exploit\nthis vulnerability by using a hijacked session identifier to connect to the software through the web-based GUI.\");\n\n script_tag(name:\"impact\", value:\"A successful exploit could allow the attacker to hijack an authenticated\nuser's browser session on the affected system.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"solution\", value:\"Update to version 3.0.1d or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 08:33:36 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-04-20 14:59:32 +0200 (Thu, 20 Apr 2017)\");\n\n script_category(ACT_GATHER_INFO);\n script_family(\"CISCO\");\n script_copyright(\"This script is Copyright (C) 2017 Greenbone Networks GmbH\");\n script_dependencies(\"gb_cisco_imc_detect.nasl\");\n script_mandatory_keys(\"cisco_imc/installed\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!version = get_app_version(cpe:CPE))\n exit(0);\n\nversion = str_replace(string: version, find: \")\", replace: '');\nversion = str_replace(string: version, find: \"(\", replace: '.');\n\nif (version == \"3.0.1c\") {\n report = report_fixed_ver(installed_version: version, fixed_version: \"3.0.1d\");\n security_message(port: 0, data: report);\n exit(0);\n}\n\nexit(99);\n\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2020-11-07T05:24:37", "description": "According to its self-reported version, the Cisco Unified Computing System (Management Software) is affected\nby one or more vulnerabilities. 
Please see the included Cisco BIDs\nand the Cisco Security Advisory for more information.", "edition": 26, "cvss3": {"score": 5.4, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}, "published": "2017-08-10T00:00:00", "title": "Cisco Integrated Management Controller User Session Hijacking Vulnerability", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-6617"], "modified": "2017-08-10T00:00:00", "cpe": ["cpe:/a:cisco:integrated_management_controller"], "id": "CISCO-SA-20170419-CIMC2-UNIFIED_COMPUTING_SYSTEM.NASL", "href": "https://www.tenable.com/plugins/nessus/102362", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102362);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/06\");\n\n script_cve_id(\"CVE-2017-6617\");\n script_bugtraq_id(97929);\n script_xref(name:\"CISCO-BUG-ID\", 
value:\"CSCvd14583\");\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-20170419-cimc2\");\n\n script_name(english:\"Cisco Integrated Management Controller User Session Hijacking Vulnerability\");\n script_summary(english:\"Checks the Cisco Unified Computing System (Management Software) version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the Cisco Unified Computing System (Management Software) is affected\nby one or more vulnerabilities. Please see the included Cisco BIDs\nand the Cisco Security Advisory for more information.\");\n # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc2\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2c704912\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd14583\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to the relevant fixed version referenced in Cisco bug ID(s)\nCSCvd14583.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-6617\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/10\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cisco:integrated_management_controller\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"cisco_imc_detect.nbin\");\n script_require_keys(\"Host/Cisco/CIMC/version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"cisco_workarounds.inc\");\ninclude(\"ccf.inc\");\n\n\nproduct_info = cisco::get_product_info(name:\"Cisco Unified Computing System (Management Software)\");\n\nversion_list = make_list(\n \"3.0(1)c\"\n);\n\nworkarounds = make_list(CISCO_WORKAROUNDS['no_workaround']);\nworkaround_params = make_list();\n\n\nreporting = make_array(\n 'port' , 0,\n 'severity' , SECURITY_WARNING,\n 'version' , product_info['version'],\n 'bug_id' , \"CSCvd14583\",\n 'fix' , 'See advisory'\n);\n\ncisco::check_and_report(product_info:product_info, workarounds:workarounds, workaround_params:workaround_params, reporting:reporting, vuln_versions:version_list);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "cisco": [{"lastseen": "2020-12-24T11:41:12", "bulletinFamily": "software", "cvelist": ["CVE-2017-6617"], "description": "A vulnerability in the session identification management functionality of the web-based GUI of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system.\n\nThe vulnerability exists because the affected software does not assign a new session identifier to a user session when a user authenticates to the web-based GUI. An attacker could exploit this vulnerability by using a hijacked session identifier to connect to the software through the web-based GUI. 
A successful exploit could allow the attacker to hijack an authenticated user’s browser session on the affected system.\n\nThere are no workarounds that address this vulnerability.\n\nThis advisory is available at the following link:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc2", "modified": "2017-05-31T20:33:22", "published": "2017-04-19T16:00:00", "id": "CISCO-SA-20170419-CIMC2", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc2", "type": "cisco", "title": "Cisco Integrated Management Controller User Session Hijacking Vulnerability", "cvss": {"score": 4.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}}]}