Cisco Integrated Management Controller CVE-2017-6617 Session Hijacking Vulnerability

Cisco Integrated Management Controller is prone to a session-hijacking vulnerability.

This may allow an attacker to to hijack an authenticated userâ??s browser session.

This issue is being tracked by Cisco bug ID CSCvd14583.

Information

Bugtraq ID: 97929
Class: Design Error
CVE: CVE-2017-6617

Remote: Yes
Local: No
Published: Apr 19 2017 12:00AM
Updated: Apr 19 2017 12:00AM
Credit: Cisco
Vulnerable: Cisco Unified Computing System 3.0(1c)
Cisco Integrated Management Controller 0

Not Vulnerable: Cisco Unified Computing System 3.0(1d)

References:

• Cisco Homepage (Cisco )
  
• cisco-sa-20170419-cimc2:Cisco Integrated Management Controller User Session Hija (Cisco)
  

Source: www.securityfocus.com