Cisco - CISCO-SA-20150527-CVE-2015-0754
History: May 27, 2015 - 5:30 p.m.

Cisco Finesse XML Processing Denial of Service Vulnerability

2015-05-27 17:30:37
tools.cisco.com

CVSS2: 7.5
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:C

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: COMPLETE

EPSS: 0.002
Percentile: 54.8%

A vulnerability in Cisco Finesse could allow an authenticated, remote attacker to gain access to sensitive information or cause a denial of service (DoS) condition.

The vulnerability is due to improper processing of XML files by an affected device. An authenticated, remote attacker could exploit this vulnerability by sending a malicious XML file to the affected device. Processing the malicious XML file could cause the device to consume excessive amounts of CPU and memory resources that could trigger a DoS condition. The attacker could also gain access to sensitive information on the device, which could be leveraged to conduct further attacks.

Cisco has confirmed the vulnerability; however, software updates are not available.

To exploit this vulnerability, an attacker must authenticate to the targeted device. This access requirement may reduce the likelihood of a successful exploit.

Affected configurations

Node: cisco finesse (match: any) OR cisco finesse (match: any)

Vendor: cisco
Product: finesse
Version: any
CPE: cpe:2.3:a:cisco:finesse:any:*:*:*:*:*:*:*
