CVE-2017-12225

Name of the Vulnerable Software and Affected Versions Cisco Prime LAN Management Solution version 4.2(5)

Description A session fixation issue in the web functionality of the Cisco Prime LAN Management Solution allows an authenticated, remote attacker to hijack another user's administrative session. This is due to the reuse of a preauthentication session token as part of the postauthentication session. An attacker could exploit this by obtaining the presession token ID, potentially allowing them to hijack an existing user's session.

Recommendations For version 4.2(5), consider restricting access to the web functionality of the Cisco Prime LAN Management Solution until a fix is available, and avoid reusing preauthentication session tokens to minimize the risk of session hijacking. At the moment, there is no information about a newer version that contains a fix for this vulnerability.