Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to perform a stored cross site-scripting (XSS) attack by exploiting a remote file inclusion (RFI) vulnerability or perform a server-side request forgery (SSRF) attack an affected system.
For more information about these vulnerabilities, see the Details section of this advisory.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-finesse-ssrf-rfi-Um7wT8Ew
Security Impact Rating: Medium
CVE: CVE-2024-20404,CVE-2024-20405,CVE-2024-20483
Source:: Cisco Security Advisories