CVE-2017-14007 - An Insufficient Session Expiration issue was discovered in ProMinent MultiFLEX M10a Controller web i

CVE-2017-14007

Summary

An Insufficient Session Expiration issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The user's session is available for an extended period beyond the last activity, allowing an attacker to reuse an old session for authorization.

References

Vulnerable Configurations

cpe:2.3:o:prominent:multiflex_m10a_controller_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:prominent:multiflex_m10a_controller_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:prominent:multiflex_m10a_controller:-:*:*:*:*:*:*:*
cpe:2.3:h:prominent:multiflex_m10a_controller:-:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 09-10-2019 - 23:23)
Impact:
Exploitability:

CWE

CWE-613

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	101259
misc	https://ics-cert.us-cert.gov/advisories/ICSA-17-285-01

Last major update

09-10-2019 - 23:23

Published

17-10-2017 - 22:29

Last modified

09-10-2019 - 23:23