Cisco Finesse Vulnerabilities Open Door to Attacks (CVE-2024-20404, CVE-2024-20405)

Bar Refael

June 9, 2024

Cisco has issued a security advisory warning users of multiple vulnerabilities in the web-based management interface of Cisco Finesse, a contact center solution widely used by enterprises. The vulnerabilities, tracked as CVE-2024-20404 and CVE-2024-20405, can be exploited by unauthenticated, remote attackers to perform server-side request forgery (SSRF) and stored cross-site scripting (XSS) attacks.

Vulnerability Details

CVE-2024-20404: Cisco Finesse SSRF Vulnerability

  • Description: This vulnerability allows unauthenticated, remote attackers to send specially crafted HTTP requests to a vulnerable device, potentially extracting sensitive information related to associated services.
  • CVSS Score: 7.2
  • Impact: High. Exploitation could lead to unauthorized access to sensitive data and services.

CVE-2024-20405: Cisco Finesse Stored XSS through RFI Vulnerability

  • Description: This vulnerability involves a stored XSS attack facilitated by a remote file inclusion (RFI) flaw. An attacker could trick users into clicking malicious links, executing arbitrary code within the affected interface, or gaining access to confidential data.
  • CVSS Score: 4.8
  • Impact: Medium. Exploitation could result in arbitrary code execution and unauthorized data access.

Affected Products

The vulnerabilities affect Cisco Finesse and several other products bundled with it, including:

  • Packaged CCE
  • Unified CCE
  • Unified CCX
  • Unified Intelligence Center

Potential Impact

Given the widespread use of Cisco Finesse across various industries, these vulnerabilities pose a significant risk. Successful exploitation could lead to unauthorized data access, service disruptions, and potential further compromise of affected networks.

Urgency for Action

Cisco has released software updates to address these critical vulnerabilities. There are no available workarounds, making immediate patching essential for all affected organizations. Although Cisco PSIRT has not observed public exploitation, the potential for severe consequences necessitates swift action.

Recommendations

  1. Immediate Update:
    • Apply the available software updates provided by Cisco without delay.
  2. Monitor for Suspicious Activity:
    • Actively monitor network traffic for any unusual activity that could indicate exploitation attempts.
  3. Review Security Policies:
    • Implement additional security measures, such as web application firewalls, to further mitigate the risk of attacks.

Organizations using Cisco Finesse or related products must act promptly to mitigate these vulnerabilities. Immediate patching and enhanced monitoring are critical to preventing potential exploitation and safeguarding sensitive data and services.

Stay Secure. Stay Informed.

OP Innovate Research Team.

Under Cyber Attack?

Fill out the form and we will contact you immediately.

Get OP Innovate CTI Alerts

Leave your email and get critical updates and alerts straight to your inbox