cisco-sa-20160504-finesse

Cisco Finesse HTTP Request Processing Server-Side Request Forgery Vulnerability

cisco-sa-20160504-finesse · Medium · Published 10 years ago · Updated 10 years ago

A vulnerability in the web interface of Cisco Finesse could allow an unauthenticated, remote attacker to trigger the Finesse server to perform an HTTP request to an arbitrary host. This type of attack is commonly referred to as server-side request forgery (SSRF). The vulnerability is due to insufficient access controls for the Finesse application programming interface (API) for gadgets integration. An attacker could exploit this vulnerability by submitting a crafted HTTP request to the Finesse server. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-finesse

Cisco advisory ·CSAF JSON

Workarounds

Workarounds that address this vulnerability are not available.

CVEs	CVE-2016-1373
Cisco Bug IDs	CSCuw86623
CVSS Score	Base 5.0 Base 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N/E:F/RL:OF/RC:C
Product Names From Source	Cisco Finesse

Related Products

Product	CVE	Evidence
Cisco Finesse	CVE-2016-1373	Cisco OpenVuln

Vulnslist

find the latest Cisco vulnerabilities

Cisco Finesse HTTP Request Processing Server-Side Request Forgery Vulnerability

Workarounds

Related Products