CVE-2016-1373 - Server Side Request Forgery Security Bypass vulnerability in Cisco Finesse

CVSS 5.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE

Summary

The gadgets-integration API in Cisco Finesse 8.5(1) through 8.5(5), 8.6(1), 9.0(1), 9.0(2), 9.1(1), 9.1(1)SU1, 9.1(1)SU1.1, 9.1(1)ES1 through 9.1(1)ES5, 10.0(1), 10.0(1)SU1, 10.0(1)SU1.1, 10.5(1), 10.5(1)ES1 through 10.5(1)ES4, 10.5(1)SU1, 10.5(1)SU1.1, 10.5(1)SU1.7, 10.6(1), 10.6(1)SU1, 10.6(1)SU2, and 11.0(1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCuw86623.

CWE-918: Server-Side Request Forgery (SSRF) (https://cwe.mitre.org/data/definitions/918.html)

Nessus

NASL family: CISCO
NASL id: CISCO-SA-20160504-FINESSE.NASL
description: According to its self-reported version, the Cisco Finesse appliance is affected by a server-side request forgery (SSRF) in the application programming interface (API) for gadgets integration due to insufficient access controls. An unauthenticated, remote attacker can exploit this, via a crafted HTTP request, to perform an HTTP request to an arbitrary host.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 130066
published: 2019-10-21
reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/130066
title: Cisco Finesse Appliance HTTP Request Processing Server-Side Request Forgery Vulnerability (cisco-sa-20160504-finesse)