CVE-2024-20405

Name of the Vulnerable Software and Affected Versions Cisco Finesse (affected versions not specified)

Description The issue is related to insufficient validation of user-supplied input for specific HTTP requests sent to an affected device, allowing an unauthenticated, remote attacker to conduct a stored XSS attack by exploiting an RFI vulnerability. An attacker could exploit this by persuading a user to click a crafted link, potentially executing arbitrary script code in the context of the affected interface or accessing sensitive information on the affected device.

Recommendations As a temporary workaround, consider restricting access to the web-based management interface of Cisco Finesse to minimize the risk of exploitation. Avoid using the vulnerable interface until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.