Finesse
CVE-2018-0399
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to retrieve a cleartext password from an affected system. Cisco Bug IDs: CSCvg71044.
AnalysisAI
Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to retrieve a cleartext password from an affected system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-264. Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to retrieve a cleartext password from an affected system. Cisco Bug IDs: CSCvg71044. Affected products include: Cisco Finesse.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System softw
Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote a
A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker t
A vulnerability in Cisco Finesse Agent and Supervisor Desktop Software could allow an unauthenticated, remote attacker t
The gadgets-integration API in Cisco Finesse 8.5(1) through 8.5(5), 8.6(1), 9.0(1), 9.0(2), 9.1(1), 9.1(1)SU1, 9.1(1)SU1
Cisco Finesse 10.5(1) allows remote authenticated users to obtain sensitive information or cause a denial of service (CP
A vulnerability in the nginx configurations that are provided as part of the VPN-less reverse proxy for Cisco Finesse co
A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to bypass access controls and conduct a
A vulnerability in the web-based management interface of Cisco Unified Contact Center Express could allow an unauthentic
A vulnerability in the web-based management interface of Cisco Finesse 10.6(1) and 11.5(1) could allow an unauthenticate
A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker t
A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker t
Same technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today