PT-2016-4742 · Cisco · Cisco Finesse

Juliano Rizzo · Published 2016-05-05 · Updated 2016-12-01 · CVE-2016-1373

CVSS v3.1: 8.6 High

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Cisco Finesse versions 8.5(1) through 8.5(5)
Cisco Finesse version 8.6(1)
Cisco Finesse versions 9.0(1) through 9.0(2)
Cisco Finesse version 9.1(1)
Cisco Finesse version 9.1(1)SU1
Cisco Finesse version 9.1(1)SU1.1
Cisco Finesse versions 9.1(1)ES1 through 9.1(1)ES5
Cisco Finesse version 10.0(1)
Cisco Finesse version 10.0(1)SU1
Cisco Finesse version 10.0(1)SU1.1
Cisco Finesse version 10.5(1)
Cisco Finesse versions 10.5(1)ES1 through 10.5(1)ES4
Cisco Finesse version 10.5(1)SU1
Cisco Finesse version 10.5(1)SU1.1
Cisco Finesse version 10.5(1)SU1.7
Cisco Finesse version 10.6(1)
Cisco Finesse version 10.6(1)SU1
Cisco Finesse version 10.6(1)SU2
Cisco Finesse version 11.0(1)

Description

The issue allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request. This is related to the gadgets-integration API in Cisco Finesse.

Recommendations

For each of the affected Cisco Finesse versions listed above, update to a version outside of the affected range to resolve the issue.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2016-1373

Affected Products

Cisco Finesse