CVE-2023-20088

CWE-2854 documents4 sources
Severity
7.5HIGH
EPSS
0.7%
top 28.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco FinesseCisco Cisco Unified Contact Center Enterprise
Timeline
PublishedMar 3

Description

A vulnerability in the nginx configurations that are provided as part of the VPN-less reverse proxy for Cisco Finesse could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition for new and existing users who are connected through a load balancer. This vulnerability is due to improper IP address filtering by the reverse proxy. An attacker could exploit this vulnerability by sending a series of unauthenticated requests to the reverse proxy. A successful exploit c

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

NVDcisco/finesse< 12.6\(1\)+1

🔴Vulnerability Details

2
CVEList
Cisco Finesse Reverse Proxy VPN-less Access to Finesse Desktop Denial of Service Vulnerability2023-03-03
GHSA
GHSA-6v2h-cxg9-wpjg: A vulnerability in the nginx configurations that are provided as part of the VPN-less reverse proxy for Cisco Finesse could allow an unauthenticated,2023-03-03

📋Vendor Advisories

1
Cisco
Cisco Finesse Reverse Proxy VPN-less Access to Finesse Desktop Denial of Service Vulnerability2023-03-01
CVE-2023-20088 (HIGH CVSS 7.5) | A vulnerability in the nginx config | cvebase.io