Finesse
CVE-2015-0754
HIGH
Severity by source
AV:N/AC:L/Au:S/C:P/I:N/A:C
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:L/Au:S/C:P/I:N/A:C
Lifecycle Timeline
1DescriptionCVE.org
Cisco Finesse 10.5(1) allows remote authenticated users to obtain sensitive information or cause a denial of service (CPU and memory consumption) via a crafted XML document, aka Bug ID CSCut95810.
AnalysisAI
Cisco Finesse 10.5(1) allows remote authenticated users to obtain sensitive information or cause a denial of service (CPU and memory consumption) via a crafted XML document, aka Bug ID CSCut95810. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-20. Cisco Finesse 10.5(1) allows remote authenticated users to obtain sensitive information or cause a denial of service (CPU and memory consumption) via a crafted XML document, aka Bug ID CSCut95810. Affected products include: Cisco Finesse.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System softw
Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote a
Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote a
A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker t
A vulnerability in Cisco Finesse Agent and Supervisor Desktop Software could allow an unauthenticated, remote attacker t
The gadgets-integration API in Cisco Finesse 8.5(1) through 8.5(5), 8.6(1), 9.0(1), 9.0(2), 9.1(1), 9.1(1)SU1, 9.1(1)SU1
A vulnerability in the nginx configurations that are provided as part of the VPN-less reverse proxy for Cisco Finesse co
A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to bypass access controls and conduct a
A vulnerability in the web-based management interface of Cisco Unified Contact Center Express could allow an unauthentic
A vulnerability in the web-based management interface of Cisco Finesse 10.6(1) and 11.5(1) could allow an unauthenticate
A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker t
A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker t
Same weakness CWE-20 – Improper Input Validation
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today