Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2024-20404

CWE-918Server-Side Request Forgery (SSRF)CWE-20Improper Input Validation6 documents6 sources
Severity
5.3MEDIUM
EPSS
76.0%
top 1.08%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
5
Cisco FinesseCisco Cisco FinesseCisco Cisco Packaged Contact Center Enterprise+2 more
Timeline
PublishedJun 5

Description

A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct an SSRF attack on an affected system. This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are sent to an affected system. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to obtain limited sensitive information for

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.7

Affected Packages5 packages

NVDcisco/finesse< 11.6\(1\)+2
CVEListV5cisco/cisco_finesse12.6(2), 12.6(2)ES1, 12.6(2)ES2+2

🔴Vulnerability Details

3
GHSA
GHSA-vhv4-j9cm-5cjx: A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct an SSRF attack on an2024-06-05
CVEList
CVE-2024-20404: A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct an SSRF attack on an2024-06-05
VulnCheck
Cisco finesse Server-Side Request Forgery (SSRF)2024

💥Exploits & PoCs

1
Nuclei
Cisco Finesse - Server-Side Request Forgery (SSRF)

📋Vendor Advisories

1
Cisco
Cisco Finesse Web-Based Management Interface Vulnerabilities2024-06-05
CVE-2024-20404 (MEDIUM CVSS 5.3) | A vulnerability in the web-based ma | cvebase.io