Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-1373

The gadgets-integration API in Cisco Finesse 8.5(1) through 8.5(5), 8.6(1), 9.0(1), 9.0(2), 9.1(1), 9.1(1)SU1, 9.1(1)SU1.1, 9.1(1)ES1 through 9.1(1)ES5, 10.0(1), 10.0(1)SU1, 10.0(1)SU1.1, 10.5(1), 10.5(1)ES1 through 10.5(1)ES4, 10.5(1)SU1, 10.5(1)SU1.1, 10.5(1)SU1.7, 10.6(1), 10.6(1)SU1, 10.6(1)SU2, and 11.0(1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCuw86623.

Published

2016-05-05T21:59:03.267

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 8.6 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	cisco	finesse	8.5\(1\)_base	Yes
Application	cisco	finesse	8.5\(2\)_base	Yes
Application	cisco	finesse	8.5\(3\)_base	Yes
Application	cisco	finesse	8.5\(4\)_base	Yes
Application	cisco	finesse	8.5\(5\)_base	Yes
Application	cisco	finesse	8.6\(1\)_base	Yes
Application	cisco	finesse	9.0\(1\)_base	Yes
Application	cisco	finesse	9.0\(2\)_base	Yes
Application	cisco	finesse	9.1\(1\)_base	Yes
Application	cisco	finesse	9.1\(1\)_es1	Yes
Application	cisco	finesse	9.1\(1\)_es2	Yes
Application	cisco	finesse	9.1\(1\)_es3	Yes
Application	cisco	finesse	9.1\(1\)_es4	Yes
Application	cisco	finesse	9.1\(1\)_es5	Yes
Application	cisco	finesse	9.1\(1\)_su1	Yes
Application	cisco	finesse	9.1\(1\)_su1.1	Yes
Application	cisco	finesse	10.0\(1\)_base	Yes
Application	cisco	finesse	10.0\(1\)_su1	Yes
Application	cisco	finesse	10.0\(1\)_su1.1	Yes
Application	cisco	finesse	10.5\(1\)_base	Yes
Application	cisco	finesse	10.5\(1\)_es1	Yes
Application	cisco	finesse	10.5\(1\)_es2	Yes
Application	cisco	finesse	10.5\(1\)_es3	Yes
Application	cisco	finesse	10.5\(1\)_es4	Yes
Application	cisco	finesse	10.5\(1\)_su1	Yes
Application	cisco	finesse	10.5\(1\)_su1.1	Yes
Application	cisco	finesse	10.5\(1\)_su1.7	Yes
Application	cisco	finesse	10.6\(1\)_base	Yes
Application	cisco	finesse	10.6\(1\)_su1	Yes
Application	cisco	finesse	10.6\(1\)_su2	Yes
Application	cisco	finesse	11.0\(1\)_base	Yes

References

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-finesse Vendor Advisory ([email protected])
http://www.securitytracker.com/id/1035756 ([email protected])
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-finesse Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1035756 (af854a3a-2127-422b-91ae-364da2661108)