CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:P/I:N/A:C
EPSS
Percentile
54.8%
A vulnerability in Cisco Finesse could allow an authenticated, remote attacker to gain access to sensitive information or cause a denial of service (DoS) condition.
The vulnerability is due to improper processing of XML files by an affected device. An authenticated, remote attacker could exploit this vulnerability by sending a malicious XML file to the affected device. Processing the malicious XML file could cause the device to consume excessive amounts of CPU and memory resources that could trigger a DoS condition. The attacker could also gain access to sensitive information on the device, which could be leveraged to conduct further attacks.
Cisco has confirmed the vulnerability; however, software updates are not available.
To exploit this vulnerability, an attacker must authenticate to the targeted device. This access requirement may reduce the likelihood of a successful exploit.