- 171/2024
- High
Cisco has released security updates to fix several vulnerabilities across multiple Cisco products.
The addressed vulnerabilities could allow the attacker to execute scripts in the victim’s web browser, perform stored cross-site scripting (XSS), or perform server-side request forgery (SSRF) attacks and gain access to the affected product by sending a specially crafted HTTP request.
Sample of the addressed vulnerabilities:
Cisco Finesse Server-Side Request Forgery Vulnerability (CVE-2024-20404):
- CVSS: 7.2
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
Affected products:
- Cisco Finesse.
- Cisco Packaged Contact Center Enterprise (Packaged CCE).
- Cisco Unified Contact Center Enterprise (Unified CCE).
- Cisco Unified Contact Center Express (Unified CCX).
- Cisco Unified Intelligence Center.
Vulnerabilities
- CVE-2024-20404
- CVE-2024-20405
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.