Vulnerabilities > CVE-2017-14007 - Insufficient Session Expiration vulnerability in Prominent Multiflex M10A Controller Firmware

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

prominent

CWE-613

NVD

Published: 2017-10-17

Updated: 2019-10-09

Summary

An Insufficient Session Expiration issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The user's session is available for an extended period beyond the last activity, allowing an attacker to reuse an old session for authorization.

Vulnerable Configurations

Part	Description	Count
OS	Prominent Prominent Multiflex M10A Controller Firmware *	1
Hardware	Prominent Prominent Multiflex M10A Controller -	1

Common Weakness Enumeration (CWE)

CWE-613 - Insufficient Session Expiration

References

http://www.securityfocus.com/bid/101259
https://ics-cert.us-cert.gov/advisories/ICSA-17-285-01