Back

CVE-2024-20404

June 5, 2024, 5:15 p.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

Cisco Finesse

Source

ykramarz@cisco.com

Tags

ykramarz@cisco.com
CWE-918
2024-06-05
CVE-2024-20404

CVE-2024-20404 details

Published : June 5, 2024, 5:15 p.m.
Last Modified : June 5, 2024, 5:15 p.m.

Description

A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct an SSRF attack on an affected system. This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are sent to an affected system. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to obtain limited sensitive information for services that are associated to the affected device.

CVSS Score

1 2 3 4 5 6 7.2 8 9 10

Weakness

Weakness Name Description

CVSS Data

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

Base Score

7.2

Exploitability Score

Impact Score

Base Severity

HIGH

Vector String : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

References

URL Source
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-finesse-ssrf-rfi-Um7wT8Ew ykramarz@cisco.com
This website uses the NVD API, but is not approved or certified by it.