CVE-2017-6617
Last modified
CVE-2017-6617 is a vulnerability of currently unknown severity. A vulnerability in the session identification management functionality of the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. The vulnerability exists because the affected software does not assign a new session identifier to a user session when a user authenticates to the web-based GUI. EPSS estimates a 0.97% chance of exploitation in the next 30 days.
Description
A vulnerability in the session identification management functionality of the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. The vulnerability exists because the affected software does not assign a new session identifier to a user session when a user authenticates to the web-based GUI. An attacker could exploit this vulnerability by using a hijacked session identifier to connect to the software through the web-based GUI. A successful exploit could allow the attacker to hijack an authenticated user's browser session on the affected system. Cisco Bug IDs: CSCvd14583.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Integrated Management Controller Supervisor | 3.0\(1c\) |
References
- http://www.securityfocus.com/bid/97929Third Party Advisory, VDB Entry
- http://www.securityfocus.com/bid/97929Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-6617?
How severe is CVE-2017-6617?
How do I fix CVE-2017-6617?
Are you affected by CVE-2017-6617?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST