Vulnslist

Cisco product, release, and evidence lookup

Cisco Prime Collaboration Provisioning Tool Session Hijacking Vulnerability

cisco-sa-20170621-pcp1 · Medium · Published · Updated

Data: Cisco advisories · Cisco CSAF · NVD CVEs · NVD CPEs · CISA KEV · EPSS

A vulnerability in the web application in the Cisco Prime Collaboration Provisioning tool could allow an unauthenticated, remote attacker to hijack another user's session. The vulnerability is due to insufficient session management during user authentication. An attacker could exploit this vulnerability by performing a session fixation attack against the web application. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-pcp1

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2017-6703
Cisco Bug IDsCSCvc90346
CVSS ScoreBase 5.9
Base 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N/E:X/RL:X/RC:X

Products with public affected evidence

Product CVE Affected evidence
Cisco Prime Collaboration Provisioning CVE-2017-6703 structured affected CSAF product_status