Vulnerabilities > CVE-2018-0399 - Server-Side Request Forgery (SSRF) vulnerability in Cisco Finesse 11.5(1)

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
cisco
CWE-918
critical
nessus

Summary

Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to retrieve a cleartext password from an affected system. Cisco Bug IDs: CSCvg71044.

Vulnerable Configurations

Part Description Count
Application
Cisco
1

Common Weakness Enumeration (CWE)

Nessus

NASL familyCISCO
NASL idCISCO-SA-20180718-FINESSE-INFO.NASL
descriptionAccording to its self-reported version, Cisco Finesse Software is affected by an information disclosure vulnerability. The vulnerability in the web-based management interface could allow an unauthenticated, remote attacker to retrieve a cleartext password from an affected system. Please see the included Cisco BIDs and Cisco Security Advisory for more information
last seen2020-06-01
modified2020-06-02
plugin id130097
published2019-10-21
reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/130097
titleCisco Finesse Information Disclosure (cisco-sa-20180718-finesse)