CVE-2017-6617

Description

A vulnerability in the session identification management functionality of the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. The vulnerability exists because the affected software does not assign a new session identifier to a user session when a user authenticates to the web-based GUI. An attacker could exploit this vulnerability by using a hijacked session identifier to connect to the software through the web-based GUI. A successful exploit could allow the attacker to hijack an authenticated users browser session on the affected system. Cisco Bug IDs: CSCvd14583.

Risk Information

Base Score

5.4

MODERATE

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

EPSS Score

Exploitation Probability

0.29

Associated Vulnerability

Vulnerability	OS Platform
Cisco Integrated Management Controller User Session Hijacking Vulnerability For Cisco Unified Computing System	NCM
Improper Authentication Vulnerability (CVE-2017-6617)	NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-1706036	Security Update for Cisco Unified Computing System 3.2(1d)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234