CiscoCISCO-SA-20130812-CVE-2013-3455Cisco Finesse User Data in Query Vulnerability
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
68.5%
A vulnerability in HTTP queries of Cisco Finesse could allow an unauthenticated, remote attacker to collect potentially sensitive user data.
The vulnerability is due to insecure transmission of user data in an HTTP query. An attacker could exploit this vulnerability by capturing the HTTP query between the end user and the Finesse server.
Cisco has confirmed this vulnerability in a security notice and released software updates.
To exploit this vulnerability, it is likely to an attacker would need access to trusted, internal networks in which the targeted device may reside. In addition, an attacker must capture an HTTP query between the targeted user and an affected device. These requirements decrease the likelihood of a successful exploit.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| cisco finesse | eq | any | |
| cisco finesse | eq | any |
Related
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
68.5%