Podatność CVE-2016-1373


Publikacja: 2016-05-05

Opis:
The gadgets-integration API in Cisco Finesse 8.5(1) through 8.5(5), 8.6(1), 9.0(1), 9.0(2), 9.1(1), 9.1(1)SU1, 9.1(1)SU1.1, 9.1(1)ES1 through 9.1(1)ES5, 10.0(1), 10.0(1)SU1, 10.0(1)SU1.1, 10.5(1), 10.5(1)ES1 through 10.5(1)ES4, 10.5(1)SU1, 10.5(1)SU1.1, 10.5(1)SU1.7, 10.6(1), 10.6(1)SU1, 10.6(1)SU2, and 11.0(1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCuw86623.

Producent: Cisco
Produkt: Finesse 
Wersje:
9.1(1)_su1.1
9.1(1)_su1
9.1(1)_es5
9.1(1)_es4
9.1(1)_es3
9.1(1)_es2
9.1(1)_es1
9.1(1)_base
9.0(2)_base
9.0(1)_base
8.6(1)_base
8.5(5)_base
8.5(4)_base
8.5(3)_base
8.5(2)_base
8.5(1)_base
11.0(1)_base
10.6(1)_su2
10.6(1)_su1
10.6(1)_base
10.5(1)_su1.7
10.5(1)_su1.1
10.5(1)_su1
10.5(1)_es4
10.5(1)_es3
10.5(1)_es2
10.5(1)_es1
10.5(1)_base
10.0(1)_su1.1
10.0(1)_su1
10.0(1)_base

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:N)

Ogólna skala CVSS
Znaczenie
Łatwość wykorzystania
5/10
2.9/10
10/10
Wymagany dostęp
Złożoność ataku
Autoryzacja
Zdalny
Niska
Nie wymagana
Wpływ na poufność
Wpływ na integralność
Wpływ na dostępność
Brak
Częściowy
Brak

 Referencje:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-finesse

Podobne CVE
CVE-2019-16002
A vulnerability in the vManage web-based UI (web UI) of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CS...
CVE-2019-15973
A vulnerability in the web-based management interface of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected application...
CVE-2019-15968
A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager (Unified CDM) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management...
CVE-2019-15994
A vulnerability in the web-based management interface of Cisco Stealthwatch Enterprise could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected ...
CVE-2019-15972
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based managem...
CVE-2019-15986
A vulnerability in the CLI of Cisco Unity Express could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. To exploit this vulnerability, an attacker would need valid administrator credentials....
CVE-2019-15987
A vulnerability in web interface of the Cisco Webex Event Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to guess account usernames. The vulnerability is...
CVE-2019-15995
A vulnerability in the web UI of Cisco DNA Spaces: Connector could allow an authenticated, remote attacker to execute arbitrary SQL queries. The vulnerability exists because the web UI does not properly validate user-supplied input. An attacker could...

Copyright 2019, cxsecurity.com

 

Back to Top