Lucene search

[email protected]CVE-2019-15278

HistoryJan 26, 2020 - 5:15 a.m.

CVE-2019-15278

2020-01-2605:15:11

CWE-79

[email protected]

web.nvd.nist.gov

cisco

finesse

vulnerability

web-based

management interface

unauthorized access

cve-2019-15278

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.3 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.3%

JSON

A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to bypass authorization and access sensitive information related to the device. The vulnerability exists because the software fails to sanitize URLs before it handles requests. An attacker could exploit this vulnerability by submitting a crafted URL. A successful exploit could allow the attacker to gain unauthorized access to sensitive information.

Affected configurations

NVD

Node

ciscofinesseMatch11.6\(1\)-

ciscofinesseMatch12.0\(1\)-

ciscofinesseMatch12.5\(1\)

ciscounified_contact_center_expressMatch12.0\(1\)

CPENameOperatorVersion
cisco:finessecisco finesseeq11.6\(1\)
cisco:finessecisco finesseeq12.0\(1\)
cisco:finessecisco finesseeq12.5\(1\)
cisco:unified_contact_center_expresscisco unified contact center expresseq12.0\(1\)

CPE	Name	Operator	Version
cisco:finesse	cisco finesse	eq	11.6\(1\)
cisco:finesse	cisco finesse	eq	12.0\(1\)
cisco:finesse	cisco finesse	eq	12.5\(1\)
cisco:unified_contact_center_express	cisco unified contact center express	eq	12.0\(1\)

CNA Affected

[
  {
    "product": "Cisco Finesse ",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "n/a",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-finesse-xss

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.3 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.3%

JSON

Related for CVE-2019-15278

symantec1 prion1 cvelist1 nvd1 cisco1