Medium severity6.5NVD Advisory· Published Sep 7, 2017· Updated May 13, 2026

CVE-2017-12225

Description

A vulnerability in the web functionality of the Cisco Prime LAN Management Solution could allow an authenticated, remote attacker to hijack another user's administrative session, aka a Session Fixation Vulnerability. The vulnerability is due to the reuse of a preauthentication session token as part of the postauthentication session. An attacker could exploit this vulnerability by obtaining the presession token ID. An exploit could allow an attacker to hijack an existing user's session. Known Affected Releases 4.2(5). Cisco Bug IDs: CSCvf58392.

Affected products

Cisco Systems, Inc./Prime Lan Management Solution
cpe:2.3:a:cisco:prime_lan_management_solution:4.2\(5\):*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securitytracker.com/id/1039285nvdThird Party AdvisoryVDB Entry
quickview.cloudapps.cisco.com/quickview/bug/CSCvf58392nvdVendor Advisory
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-prime-lmsnvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.423
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000