Lucene search
CiscoCVELIST:CVE-2017-6617HistoryApr 20, 2017 - 10:00 p.m.
CVE-2017-6617
2017-04-2022:00:00
CWE-287
cisco
www.cve.org
A vulnerability in the session identification management functionality of the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. The vulnerability exists because the affected software does not assign a new session identifier to a user session when a user authenticates to the web-based GUI. An attacker could exploit this vulnerability by using a hijacked session identifier to connect to the software through the web-based GUI. A successful exploit could allow the attacker to hijack an authenticated user’s browser session on the affected system. Cisco Bug IDs: CSCvd14583.
CNA Affected
[
{
"product": "Cisco Integrated Management Controller",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Cisco Integrated Management Controller"
}
]
}
]Related
cve
cve
CVE-2017-6617
2017-04-20 22:59:00
cisco
cisco
Cisco Integrated Management Controller User Session Hijacking Vulnerability
2017-04-19 16:00:00
nessus
nessus
Cisco Integrated Management Controller User Session Hijacking Vulnerability
2017-08-10 00:00:00
nvd
nvd
CVE-2017-6617
2017-04-20 22:59:00
openvas
openvas
Cisco Integrated Management Controller User Session Hijacking Vulnerability
2017-04-20 00:00:00
prion
prion
Design/Logic Flaw
2017-04-20 22:59:00