Session hijacking in Cisco Prime Collaboration Provisioning - CVE-2017-6703
Published: June 22, 2017 / Updated: July 12, 2017
Vulnerability identifier: #VU7169
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-6703
CWE-ID: CWE-384
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Prime Collaboration Provisioning
Detailed vulnerability description
The vulnerability allows a remote unauthenticated user to hijack the target user's session.
The weakness exists in the web application in the Cisco Prime Collaboration Provisioning tool due to insufficient session management during user authentication. A remote attacker can perform a session fixation attack against the web application.
Successful exploitation of the vulnerability leads to theft of the user's session.
How to mitigate CVE-2017-6703
Install the update from the vendor's website.