cisco-sa-20180718-finesse

Multiple Vulnerabilities in Cisco Finesse

cisco-sa-20180718-finesse · Medium · Published 7 years ago · Updated 7 years ago

Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack or retrieve a cleartext password from an affected system. For more information about these vulnerabilities, see the Details section of this security advisory. There are no workarounds that address these vulnerabilities. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-finesse

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address these vulnerabilities.

CVEs	CVE-2018-0398, CVE-2018-0399
Cisco Bug IDs	CSCvg71018, CSCvg71044
CVSS Score	Base 5.8 Base 5.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:X/RL:X/RC:X Base 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X
Product Names From Source	Cisco Finesse

CSAF Product Statuses

Product	Status	Source	CVE	Rows
Cisco Finesse	known_affected	cisco_csaf	CVE-2018-0398, CVE-2018-0399	2

Related Products

Product	CVE	Evidence
Cisco Finesse	CVE-2018-0398	Cisco OpenVuln
Cisco Finesse	CVE-2018-0399	Cisco OpenVuln

Vulnslist

find the latest Cisco vulnerabilities

Multiple Vulnerabilities in Cisco Finesse

Workarounds

CSAF Product Statuses

Related Products