Cisco Finesse Remote File Inclusion Vulnerability
Summary
A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user session on an affected device, possibly leading to browser-based attacks. This vulnerability is due to insufficient validation of user-supplied input for HTTP requests that are sent to an affected device.
- Scope: At the time of publication, this vulnerability affected Cisco Finesse, regardless of device configuration.
- Earlier than 15.0 — Migrate to a fixed release
- Release 15.0 (first fixed: 15.0(1)SU1)
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
- 15.0(1)SU1
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Mitigation checklist
- Upgrade to the first fixed release for your train per the Fixed Releases table in this advisory.
- Earlier than 15.0: migrate to a fixed release.
- Release 15.0: upgrade to 15.0(1)SU1.
- There are no workarounds that address this vulnerability.
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.