CVE-2024-20404 - Server-Side Request Forgery (SSRF)

Severity

53%

Complexity

39%

Confidentiality

23%

A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct an SSRF attack on an affected system. This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are sent to an affected system. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to obtain limited sensitive information for services that are associated to the affected device.

CVSS 3.1 Base Score 5.3. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Overview

First reported 8 months ago

2024-06-05 17:15:00

Last updated 3 months ago

2024-11-21 08:52:00

Affected Software

Cisco Finesse 11.6(1)

11.6\(1\)

Cisco Finesse

Cisco Finesse 11.6(1) ES4

11.6\(1\)

Cisco Finesse 11.6(1) ES5

11.6\(1\)

Cisco Finesse 11.6(1) ES6

11.6\(1\)

Cisco Finesse 11.6(1) ES7

11.6\(1\)

Cisco Finesse 11.6(1) ES8

11.6\(1\)

References

cisco-sa-finesse-ssrf-rfi-Um7wT8Ew

cisco-sa-finesse-ssrf-rfi-Um7wT8Ew

Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.