CVE-2024-20404
Basic Information
- CVE State: PUBLISHED
- Reserved Date: November 08, 2023
- Published Date: June 05, 2024
- Last Updated: August 01, 2024
- Vendor: Cisco
- Product: Cisco Unified Contact Center Enterprise, Cisco Unified Contact Center Express, Cisco Finesse, Cisco Packaged Contact Center Enterprise
- Description: A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct an SSRF attack on an affected system. This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are sent to an affected system. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to obtain limited sensitive information for services that are associated to the affected device.
- Tags
- Exploitation: none
- Technical Impact: partial
- Proof of Concept Available: Yes (added 2024-06-09 18:50:59 UTC) Source
nuclei_scanner
CVSS Scores
CVSS v3.1
7.2 - HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
SSVC Information
Exploit Status
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| The Shadowserver (via CIRCL) | 2026-04-01 00:00:00 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-20404.yaml | 2026-06-01 15:34:37 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
AbdElRahmanEzzat1995/CVE-2024-20404
Type: github • Created: 2024-06-09 18:50:59 UTC • Stars: 2
Timeline
- CVE ID Reserved
- CVE Published to Public
- Proof of Concept Exploit Available
- Added to KEVIntel
- Detected by Nuclei