CVE-2024-20404
7.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Summary
A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct an SSRF attack on an affected system. This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are sent to an affected system. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to obtain limited sensitive information for services that are associated to the affected device.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Cisco | Cisco Unified Contact Center Enterprise | N/A | affected |
| Cisco | Cisco Unified Contact Center Express | N/A | affected |
| Cisco | Cisco Finesse | 12.6(2) | affected |
| Cisco | Cisco Finesse | 12.6(2)ES1 | affected |
| Cisco | Cisco Finesse | 12.6(2)ES2 | affected |
| Cisco | Cisco Packaged Contact Center Enterprise | N/A | affected |
Weaknesses
- CWE-918: Server-Side Request Forgery (SSRF)
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.