CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-20404

A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct an SSRF attack on an affected system. This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are sent to an affected system. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to obtain limited sensitive information for services that are associated to the affected device.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.225

EPSS Ranking 95.5%

CVSS Severity

CVSS v3 Score 7.2

References

Products affected by CVE-2024-20404

Cisco » Finesse » Version: N/A

cpe:2.3:a:cisco:finesse:-
Cisco » Finesse » Version: 10.0(1)_base

cpe:2.3:a:cisco:finesse:10.0(1)_base
Cisco » Finesse » Version: 10.0(1)_su1

cpe:2.3:a:cisco:finesse:10.0(1)_su1
Cisco » Finesse » Version: 10.0(1)_su1.1

cpe:2.3:a:cisco:finesse:10.0(1)_su1.1
Cisco » Finesse » Version: 10.5(1)_base

cpe:2.3:a:cisco:finesse:10.5(1)_base
Cisco » Finesse » Version: 10.5(1)_es1

cpe:2.3:a:cisco:finesse:10.5(1)_es1
Cisco » Finesse » Version: 10.5(1)_es2

cpe:2.3:a:cisco:finesse:10.5(1)_es2
Cisco » Finesse » Version: 10.5(1)_es3

cpe:2.3:a:cisco:finesse:10.5(1)_es3
Cisco » Finesse » Version: 10.5(1)_es4

cpe:2.3:a:cisco:finesse:10.5(1)_es4
Cisco » Finesse » Version: 10.5(1)_su1

cpe:2.3:a:cisco:finesse:10.5(1)_su1
Cisco » Finesse » Version: 10.5(1)_su1.1

cpe:2.3:a:cisco:finesse:10.5(1)_su1.1
Cisco » Finesse » Version: 10.5(1)_su1.7

cpe:2.3:a:cisco:finesse:10.5(1)_su1.7
Cisco » Finesse » Version: 10.6(1)_base

cpe:2.3:a:cisco:finesse:10.6(1)_base
Cisco » Finesse » Version: 10.6(1)_su1

cpe:2.3:a:cisco:finesse:10.6(1)_su1
Cisco » Finesse » Version: 10.6(1)_su2

cpe:2.3:a:cisco:finesse:10.6(1)_su2
Cisco » Finesse » Version: 11.0(1)

cpe:2.3:a:cisco:finesse:11.0(1)
Cisco » Finesse » Version: 11.0(1)_base

cpe:2.3:a:cisco:finesse:11.0(1)_base
Cisco » Finesse » Version: 11.5(1)

cpe:2.3:a:cisco:finesse:11.5(1)
Cisco » Finesse » Version: 11.5(3)

cpe:2.3:a:cisco:finesse:11.5(3)
Cisco » Finesse » Version: 11.6(1)

cpe:2.3:a:cisco:finesse:11.6(1)
Cisco » Finesse » Version: 12.6(2)

cpe:2.3:a:cisco:finesse:12.6(2)
Cisco » Finesse » Version: 8.5(1)_base

cpe:2.3:a:cisco:finesse:8.5(1)_base
Cisco » Finesse » Version: 8.5(2)_base

cpe:2.3:a:cisco:finesse:8.5(2)_base
Cisco » Finesse » Version: 8.5(3)_base

cpe:2.3:a:cisco:finesse:8.5(3)_base
Cisco » Finesse » Version: 8.5(4)_base

cpe:2.3:a:cisco:finesse:8.5(4)_base
Cisco » Finesse » Version: 8.5(5)_base

cpe:2.3:a:cisco:finesse:8.5(5)_base
Cisco » Finesse » Version: 8.6(1)_base

cpe:2.3:a:cisco:finesse:8.6(1)_base
Cisco » Finesse » Version: 9.0(1)_base

cpe:2.3:a:cisco:finesse:9.0(1)_base
Cisco » Finesse » Version: 9.0(2)_base

cpe:2.3:a:cisco:finesse:9.0(2)_base
Cisco » Finesse » Version: 9.1(1)_base

cpe:2.3:a:cisco:finesse:9.1(1)_base
Cisco » Finesse » Version: 9.1(1)_es1

cpe:2.3:a:cisco:finesse:9.1(1)_es1
Cisco » Finesse » Version: 9.1(1)_es2

cpe:2.3:a:cisco:finesse:9.1(1)_es2
Cisco » Finesse » Version: 9.1(1)_es3

cpe:2.3:a:cisco:finesse:9.1(1)_es3
Cisco » Finesse » Version: 9.1(1)_es4

cpe:2.3:a:cisco:finesse:9.1(1)_es4
Cisco » Finesse » Version: 9.1(1)_es5

cpe:2.3:a:cisco:finesse:9.1(1)_es5
Cisco » Finesse » Version: 9.1(1)_su1

cpe:2.3:a:cisco:finesse:9.1(1)_su1
Cisco » Finesse » Version: 9.1(1)_su1.1

cpe:2.3:a:cisco:finesse:9.1(1)_su1.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-20404

Products

Pricing

Contact Us