Vulnerabilities > CVE-2017-14007 - Insufficient Session Expiration vulnerability in Prominent Multiflex M10A Controller Firmware

CVSS 5.6 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

LOW

network

high complexity

prominent

CWE-613

NVD

Published: 2017-10-17

Updated: 2019-10-09

Summary

An Insufficient Session Expiration issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The user's session is available for an extended period beyond the last activity, allowing an attacker to reuse an old session for authorization.

Vulnerable Configurations

Part	Description	Count
OS	Prominent Prominent Multiflex M10A Controller Firmware *	1
Hardware	Prominent Prominent Multiflex M10A Controller -	1

Common Weakness Enumeration (CWE)

CWE-613 - Insufficient Session Expiration

References

https://ics-cert.us-cert.gov/advisories/ICSA-17-285-01
http://www.securityfocus.com/bid/101259