Server-Side Request Forgery in Cisco Finesse Products
CVE-2016-1373

8.6HIGH

Key Information:

Vendor: Cisco
Status: Finesse
Vendor: CVE Published:; 5 May 2016

Summary

The gadgets-integration API in various versions of Cisco Finesse allows remote attackers to exploit the system by sending crafted requests that can lead to server-side request forgery. This vulnerability can potentially be used to access internal services or resources that should not be exposed to the outside network, highlighting the importance of securing API endpoints against unauthorized access.

References

http://www.securitytracker.com/id/1035756

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
May 5, 2016
Vulnerability Reserved
Jan 4, 2016