Vulnslist

find the latest Cisco vulnerabilities

Cisco Finesse Web-Based Management Interface Vulnerabilities

cisco-sa-finesse-ssrf-rfi-Um7wT8Ew · Medium · Published · Updated

Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to perform a stored cross site-scripting (XSS) attack by exploiting a remote file inclusion (RFI) vulnerability or perform a server-side request forgery (SSRF) attack an affected system. For more information about these vulnerabilities, see the Details section of this advisory.  Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-finesse-ssrf-rfi-Um7wT8Ew

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address these vulnerabilities.

CVEsCVE-2024-20404, CVE-2024-20405
Cisco Bug IDsCSCwh95292, CSCwk36966, CSCwh95276
CVSS ScoreBase 7.2
Base 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:X/RL:X/RC:X
Base 4.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N/E:X/RL:X/RC:X
Product Names From Source
Cisco Unified Contact Center Enterprise, Cisco Unified Contact Center Express, Cisco Finesse, Cisco Packaged Contact Center Enterprise

Related Products

Product CVE Evidence
Cisco Finesse CVE-2024-20404 Cisco OpenVuln
Cisco Packaged Contact Center Enterprise CVE-2024-20404 Cisco OpenVuln
Cisco Unified Contact Center CVE-2024-20404 Cisco OpenVuln
Cisco Unified Contact Center Enterprise CVE-2024-20404 Cisco OpenVuln
Cisco Unified Contact Center Express CVE-2024-20404 Cisco OpenVuln
Cisco Finesse CVE-2024-20405 Cisco OpenVuln
Cisco Packaged Contact Center Enterprise CVE-2024-20405 Cisco OpenVuln
Cisco Unified Contact Center CVE-2024-20405 Cisco OpenVuln
Cisco Unified Contact Center Enterprise CVE-2024-20405 Cisco OpenVuln
Cisco Unified Contact Center Express CVE-2024-20405 Cisco OpenVuln