Vulnerabilities > CVE-2018-0399 - Server-Side Request Forgery (SSRF) vulnerability in Cisco Finesse 11.5(1)
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to retrieve a cleartext password from an affected system. Cisco Bug IDs: CSCvg71044.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Nessus
| NASL family | CISCO |
| NASL id | CISCO-SA-20180718-FINESSE-INFO.NASL |
| description | According to its self-reported version, Cisco Finesse Software is affected by an information disclosure vulnerability. The vulnerability in the web-based management interface could allow an unauthenticated, remote attacker to retrieve a cleartext password from an affected system. Please see the included Cisco BIDs and Cisco Security Advisory for more information |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 130097 |
| published | 2019-10-21 |
| reporter | This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/130097 |
| title | Cisco Finesse Information Disclosure (cisco-sa-20180718-finesse) |