CVE-2024-20404/20405: Cisco Finesse Vulnerabilities Open Door to Attacks
Cisco has issued a security advisory, warning users of multiple vulnerabilities in the web-based management interface of Cisco Finesse, a contact center solution widely used by enterprises. The vulnerabilities, tracked as CVE-2024-20404 and CVE-2024-20405, could be exploited by unauthenticated, remote attackers to carry out devastating server-side request forgery (SSRF) and stored cross-site scripting (XSS) attacks.
CVE-2024-20404: Cisco Finesse SSRF Vulnerability
The first vulnerability (CVE-2024-20404), rated with a CVSS score of 7.2, enables unauthenticated, remote attacker attackers to send specially crafted HTTP requests to a vulnerable device, potentially allowing them to extract sensitive information related to associated services.
CVE-2024-20405: Cisco Finesse Stored XSS through RFI Vulnerability
The second vulnerability (CVE-2024-20405), with a CVSS score of 4.8, involves a stored XSS attack facilitated by a remote file inclusion (RFI) flaw. An unauthenticated, remote attacker could trick users into clicking malicious links, executing arbitrary code within the affected interface or gaining access to confidential data.
Widespread Impact:
The vulnerabilities are particularly concerning due to the widespread use of Cisco Finesse across industries. In addition to Cisco Finesse itself, several other Cisco products bundled with Finesse are also affected, including Packaged CCE, Unified CCE, Unified CCX, and Unified Intelligence Center.
Urgency for Action:
Cisco has released software updates to address these critical vulnerabilities. There are no workarounds available, making immediate patching imperative for all affected organizations. While Cisco PSIRT has not yet observed any public exploitation, the potential for severe consequences demands swift action.
Recommendations:
- Immediate Update: Organizations using Cisco Finesse or related products must prioritize applying the available software updates without delay.
- Monitor for Suspicious Activity: Actively monitor network traffic for unusual activity that may indicate exploitation attempts.
- Review Security Policies: Consider implementing additional security measures, such as web application firewalls, to further mitigate the risk of attacks.
