12.5(1)

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

cisco

CWE-918

NVD

Published: 2019-09-05

Updated: 2020-10-08

Summary

A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on an affected system. The vulnerability exists because the affected system does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to a user of the web application. A successful exploit could allow the attacker to access the system and perform unauthorized actions.

Vulnerable Configurations

Part	Description	Count
Application	Cisco Cisco Finesse 11.6\(1\) Cisco Finesse 12.0\(1\) Cisco Finesse 12.5\(1\)	3

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190904-finesse-ssrf