Lucene search
PRIOn knowledge basePRION:CVE-2017-6617HistoryApr 20, 2017 - 10:59 p.m.
Design/Logic Flaw
2017-04-2022:59:00
PRIOn knowledge base
www.prio-n.com
6
A vulnerability in the session identification management functionality of the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. The vulnerability exists because the affected software does not assign a new session identifier to a user session when a user authenticates to the web-based GUI. An attacker could exploit this vulnerability by using a hijacked session identifier to connect to the software through the web-based GUI. A successful exploit could allow the attacker to hijack an authenticated user’s browser session on the affected system. Cisco Bug IDs: CSCvd14583.
| CPE | Name | Operator | Version |
|---|---|---|---|
| integrated_management_controller_supervisor | eq | 3.1.99 |
Related
nvd
nvd
CVE-2017-6617
2017-04-20 22:59:00
nessus
nessus
Cisco Integrated Management Controller User Session Hijacking Vulnerability
2017-08-10 00:00:00
cve
cve
CVE-2017-6617
2017-04-20 22:59:00
cvelist
cvelist
CVE-2017-6617
2017-04-20 22:00:00
cisco
cisco
Cisco Integrated Management Controller User Session Hijacking Vulnerability
2017-04-19 16:00:00
openvas
openvas
Cisco Integrated Management Controller User Session Hijacking Vulnerability
2017-04-20 00:00:00