CVE-2017-6617

Name of the Vulnerable Software and Affected Versions Cisco Integrated Management Controller (IMC) version 3.0(1c)

Description A issue in the session identification management functionality of the web-based GUI could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. This occurs because the software does not assign a new session identifier to a user session when a user authenticates to the web-based GUI. An attacker could exploit this by using a hijacked session identifier to connect to the software through the web-based GUI, potentially allowing the attacker to hijack an authenticated user's browser session on the affected system.

Recommendations For Cisco Integrated Management Controller (IMC) version 3.0(1c), at the moment, there is no information about a newer version that contains a fix for this issue.