CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-20405

A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a stored XSS attack by exploiting an RFI vulnerability. This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are sent to an affected device. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive information on the affected device.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.007

EPSS Ranking 71.3%

CVSS Severity

CVSS v3 Score 4.8

References

Products affected by CVE-2024-20405

Cisco » Finesse » Version: N/A

cpe:2.3:a:cisco:finesse:-
Cisco » Finesse » Version: 10.0(1)_base

cpe:2.3:a:cisco:finesse:10.0(1)_base
Cisco » Finesse » Version: 10.0(1)_su1

cpe:2.3:a:cisco:finesse:10.0(1)_su1
Cisco » Finesse » Version: 10.0(1)_su1.1

cpe:2.3:a:cisco:finesse:10.0(1)_su1.1
Cisco » Finesse » Version: 10.5(1)_base

cpe:2.3:a:cisco:finesse:10.5(1)_base
Cisco » Finesse » Version: 10.5(1)_es1

cpe:2.3:a:cisco:finesse:10.5(1)_es1
Cisco » Finesse » Version: 10.5(1)_es2

cpe:2.3:a:cisco:finesse:10.5(1)_es2
Cisco » Finesse » Version: 10.5(1)_es3

cpe:2.3:a:cisco:finesse:10.5(1)_es3
Cisco » Finesse » Version: 10.5(1)_es4

cpe:2.3:a:cisco:finesse:10.5(1)_es4
Cisco » Finesse » Version: 10.5(1)_su1

cpe:2.3:a:cisco:finesse:10.5(1)_su1
Cisco » Finesse » Version: 10.5(1)_su1.1

cpe:2.3:a:cisco:finesse:10.5(1)_su1.1
Cisco » Finesse » Version: 10.5(1)_su1.7

cpe:2.3:a:cisco:finesse:10.5(1)_su1.7
Cisco » Finesse » Version: 10.6(1)_base

cpe:2.3:a:cisco:finesse:10.6(1)_base
Cisco » Finesse » Version: 10.6(1)_su1

cpe:2.3:a:cisco:finesse:10.6(1)_su1
Cisco » Finesse » Version: 10.6(1)_su2

cpe:2.3:a:cisco:finesse:10.6(1)_su2
Cisco » Finesse » Version: 11.0(1)

cpe:2.3:a:cisco:finesse:11.0(1)
Cisco » Finesse » Version: 11.0(1)_base

cpe:2.3:a:cisco:finesse:11.0(1)_base
Cisco » Finesse » Version: 11.5(1)

cpe:2.3:a:cisco:finesse:11.5(1)
Cisco » Finesse » Version: 11.5(3)

cpe:2.3:a:cisco:finesse:11.5(3)
Cisco » Finesse » Version: 11.6(1)

cpe:2.3:a:cisco:finesse:11.6(1)
Cisco » Finesse » Version: 12.6(2)

cpe:2.3:a:cisco:finesse:12.6(2)
Cisco » Finesse » Version: 8.5(1)_base

cpe:2.3:a:cisco:finesse:8.5(1)_base
Cisco » Finesse » Version: 8.5(2)_base

cpe:2.3:a:cisco:finesse:8.5(2)_base
Cisco » Finesse » Version: 8.5(3)_base

cpe:2.3:a:cisco:finesse:8.5(3)_base
Cisco » Finesse » Version: 8.5(4)_base

cpe:2.3:a:cisco:finesse:8.5(4)_base
Cisco » Finesse » Version: 8.5(5)_base

cpe:2.3:a:cisco:finesse:8.5(5)_base
Cisco » Finesse » Version: 8.6(1)_base

cpe:2.3:a:cisco:finesse:8.6(1)_base
Cisco » Finesse » Version: 9.0(1)_base

cpe:2.3:a:cisco:finesse:9.0(1)_base
Cisco » Finesse » Version: 9.0(2)_base

cpe:2.3:a:cisco:finesse:9.0(2)_base
Cisco » Finesse » Version: 9.1(1)_base

cpe:2.3:a:cisco:finesse:9.1(1)_base
Cisco » Finesse » Version: 9.1(1)_es1

cpe:2.3:a:cisco:finesse:9.1(1)_es1
Cisco » Finesse » Version: 9.1(1)_es2

cpe:2.3:a:cisco:finesse:9.1(1)_es2
Cisco » Finesse » Version: 9.1(1)_es3

cpe:2.3:a:cisco:finesse:9.1(1)_es3
Cisco » Finesse » Version: 9.1(1)_es4

cpe:2.3:a:cisco:finesse:9.1(1)_es4
Cisco » Finesse » Version: 9.1(1)_es5

cpe:2.3:a:cisco:finesse:9.1(1)_es5
Cisco » Finesse » Version: 9.1(1)_su1

cpe:2.3:a:cisco:finesse:9.1(1)_su1
Cisco » Finesse » Version: 9.1(1)_su1.1

cpe:2.3:a:cisco:finesse:9.1(1)_su1.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-20405

Products

Pricing

Contact Us