Stored XSS Vulnerability in Cisco Finesse Web Management Interface
CVE-2024-20405

6.1 MEDIUM

Badges

👾 Exploit Exists

Summary

A vulnerability in the web-based management interface of Cisco Finesse allows unauthorized, remote attackers to perform stored XSS attacks. This issue arises from insufficient validation of user-supplied input in specific HTTP requests directed to the affected device. Attackers can exploit this vulnerability by convincing users to interact with a malicious link, which could result in executing arbitrary script code in the context of the affected interface. Such an attack might lead to the exposure of sensitive information stored on the device.

Affected Version(s)

Cisco Finesse 12.6(2)

Cisco Finesse 12.6(2)ES1

Cisco Finesse 12.6(2)ES2

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • 👾 Exploit known to exist

  • Vulnerability published