Lucene search

[email protected]NVD:CVE-2024-20405

HistoryJun 05, 2024 - 5:15 p.m.

CVE-2024-20405

2024-06-0517:15:12

CWE-20

CWE-79

[email protected]

web.nvd.nist.gov

cisco finesse

web interface

remote attacker

stored xss

rfi vulnerability

user-supplied input

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

16.9%

JSON

A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a stored XSS attack by exploiting an RFI vulnerability.

This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are sent to an affected device. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive information on the affected device.

Affected configurations

Nvd

Node

ciscofinesseRange<11.6\(1\)

ciscofinesseMatch11.6\(1\)-

ciscofinesseMatch11.6\(1\)es4

ciscofinesseMatch11.6\(1\)es5

ciscofinesseMatch11.6\(1\)es6

ciscofinesseMatch11.6\(1\)es7

ciscofinesseMatch11.6\(1\)es8

ciscofinesseMatch12.6\(2\)-

ciscofinesseMatch12.6\(2\)es01

ciscofinesseMatch12.6\(2\)es02

VendorProductVersionCPE
ciscofinesse*cpe:2.3:a:cisco:finesse:*:*:*:*:*:*:*:*
ciscofinesse11.6(1)cpe:2.3:a:cisco:finesse:11.6\(1\):-:*:*:*:*:*:*
ciscofinesse11.6(1)cpe:2.3:a:cisco:finesse:11.6\(1\):es4:*:*:*:*:*:*
ciscofinesse11.6(1)cpe:2.3:a:cisco:finesse:11.6\(1\):es5:*:*:*:*:*:*
ciscofinesse11.6(1)cpe:2.3:a:cisco:finesse:11.6\(1\):es6:*:*:*:*:*:*
ciscofinesse11.6(1)cpe:2.3:a:cisco:finesse:11.6\(1\):es7:*:*:*:*:*:*
ciscofinesse11.6(1)cpe:2.3:a:cisco:finesse:11.6\(1\):es8:*:*:*:*:*:*
ciscofinesse12.6(2)cpe:2.3:a:cisco:finesse:12.6\(2\):-:*:*:*:*:*:*
ciscofinesse12.6(2)cpe:2.3:a:cisco:finesse:12.6\(2\):es01:*:*:*:*:*:*
ciscofinesse12.6(2)cpe:2.3:a:cisco:finesse:12.6\(2\):es02:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	finesse	*	cpe:2.3:a:cisco:finesse::::::::
cisco	finesse	11.6(1)	cpe:2.3:a:cisco:finesse:11.6\(1\):-::::::
cisco	finesse	11.6(1)	cpe:2.3:a:cisco:finesse:11.6\(1\):es4::::::
cisco	finesse	11.6(1)	cpe:2.3:a:cisco:finesse:11.6\(1\):es5::::::
cisco	finesse	11.6(1)	cpe:2.3:a:cisco:finesse:11.6\(1\):es6::::::
cisco	finesse	11.6(1)	cpe:2.3:a:cisco:finesse:11.6\(1\):es7::::::
cisco	finesse	11.6(1)	cpe:2.3:a:cisco:finesse:11.6\(1\):es8::::::
cisco	finesse	12.6(2)	cpe:2.3:a:cisco:finesse:12.6\(2\):-::::::
cisco	finesse	12.6(2)	cpe:2.3:a:cisco:finesse:12.6\(2\):es01::::::
cisco	finesse	12.6(2)	cpe:2.3:a:cisco:finesse:12.6\(2\):es02::::::

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-finesse-ssrf-rfi-Um7wT8Ew

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

16.9%

JSON

Related for NVD:CVE-2024-20405

cve1 vulnrichment1 cvelist1 cisco1