CVE-2018-0399

CWE-264 CWE-918 — Server-Side Request Forgery (SSRF)CWE-194 documents4 sources

Severity

9.8CRITICAL

EPSS

0.7%

top 28.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Finesse

Timeline

PublishedJul 18

Latest updateMay 13

Description

Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to retrieve a cleartext password from an affected system. Cisco Bug IDs: CSCvg71044.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDcisco/finesse11.5\(1\)

▶CVEListV5cisco_finesse_unknownCisco Finesse unknown

🔴Vulnerability Details

GHSA

GHSA-8h8w-q442-78j7: Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to retrieve a cleartex↗2022-05-13

▶

CVEList

CVE-2018-0399: Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to retrieve a cleartex↗2018-07-18

▶

📋Vendor Advisories

Cisco

Multiple Vulnerabilities in Cisco Finesse↗2018-07-18

▶