CVE-2017-12225

CVE Database · CVE-2017-12225

CVE-2017-12225

· N/AModified

CVSS v3.1

N/A

EPSS

1.96%

Published

Sep 7, 2017

Modified

May 12, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the web functionality of the Cisco Prime LAN Management Solution could allow an authenticated, remote attacker to hijack another user's administrative session, aka a Session Fixation Vulnerability. The vulnerability is due to the reuse of a preauthentication session token as part of the postauthentication session. An attacker could exploit this vulnerability by obtaining the presession token ID. An exploit could allow an attacker to hijack an existing user's session. Known Affected Releases 4.2(5). Cisco Bug IDs: CSCvf58392.

Weaknesses (CWE)

CWE-287CWE-384

Affected Products (1)

cisco · prime_lan_management_solutionvulnerable

References (6)

http://www.securitytracker.com/id/1039285

Third Party AdvisoryVDB Entry

https://quickview.cloudapps.cisco.com/quickview/bug/CSCvf58392

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-prime-lms

Vendor Advisory

http://www.securitytracker.com/id/1039285

Third Party AdvisoryVDB Entry

https://quickview.cloudapps.cisco.com/quickview/bug/CSCvf58392

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-prime-lms

KEV Catalog EPSS Scores Vendors All CVEs