6.1
CVE-2026-20175
- EPSS 0.18%
- Veröffentlicht 03.06.2026 16:06:15
- Zuletzt bearbeitet 04.06.2026 13:54:40
- Quelle psirt@cisco.com
- CVE-Watchlists
- Unerledigt
Cisco Finesse File Inclusion Vulnerability
A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user session on an affected device, possibly leading to browser-based attacks. This vulnerability is due to insufficient validation of user-supplied input for HTTP requests that are sent to an affected device. An attacker who has knowledge of the address of the affected device could exploit this vulnerability by persuading a user to click a crafted link that contains the affected device address. A successful exploit could allow the attacker to conduct browser-based attacks and execute arbitrary script code in the context of the affected interface or access sensitive information on the affected device.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerCisco
≫
Produkt
Cisco Finesse
Default Statusunknown
Version
11.0(1)ES_Rollback
Status
affected
Version
10.5(1)ES4
Status
affected
Version
11.6(1)ES3
Status
affected
Version
11.0(1)ES2
Status
affected
Version
12.0(1)ES2
Status
affected
Version
10.5(1)ES3
Status
affected
Version
11.0(1)
Status
affected
Version
11.6(1)FIPS
Status
affected
Version
11.6(1)ES4
Status
affected
Version
11.0(1)ES3
Status
affected
Version
10.5(1)ES6
Status
affected
Version
11.0(1)ES7
Status
affected
Version
11.5(1)ES4
Status
affected
Version
10.5(1)ES8
Status
affected
Version
11.5(1)
Status
affected
Version
11.6(1)
Status
affected
Version
10.5(1)ES10
Status
affected
Version
11.6(1)ES2
Status
affected
Version
11.6(1)ES
Status
affected
Version
11.0(1)ES6
Status
affected
Version
11.0(1)ES4
Status
affected
Version
12.0(1)
Status
affected
Version
11.6(1)ES7
Status
affected
Version
10.5(1)ES7
Status
affected
Version
11.6(1)ES8
Status
affected
Version
11.5(1)ES1
Status
affected
Version
11.6(1)ES1
Status
affected
Version
11.5(1)ES5
Status
affected
Version
11.0(1)ES1
Status
affected
Version
10.5(1)
Status
affected
Version
11.6(1)ES6
Status
affected
Version
10.5(1)ES2
Status
affected
Version
12.0(1)ES1
Status
affected
Version
11.0(1)ES5
Status
affected
Version
10.5(1)ES5
Status
affected
Version
11.5(1)ES3
Status
affected
Version
11.5(1)ES2
Status
affected
Version
10.5(1)ES9
Status
affected
Version
11.6(1)ES5
Status
affected
Version
11.6(1)ES9
Status
affected
Version
11.5(1)ES6
Status
affected
Version
10.5(1)ES1
Status
affected
Version
12.5(1)
Status
affected
Version
12.0(1)ES3
Status
affected
Version
11.6(1)ES10
Status
affected
Version
12.5(1)ES1
Status
affected
Version
12.5(1)ES2
Status
affected
Version
12.0(1)ES4
Status
affected
Version
12.5(1)ES3
Status
affected
Version
12.0(1)ES5
Status
affected
Version
12.5(1)ES4
Status
affected
Version
12.0(1)ES6
Status
affected
Version
12.5(1)ES5
Status
affected
Version
12.5(1)ES6
Status
affected
Version
12.0(1)ES7
Status
affected
Version
12.6(1)
Status
affected
Version
12.5(1)ES7
Status
affected
Version
11.6(1)ES11
Status
affected
Version
12.6(1)ES1
Status
affected
Version
12.0(1)ES8
Status
affected
Version
12.5(1)ES8
Status
affected
Version
12.6(1)ES2
Status
affected
Version
12.6(1)ES3
Status
affected
Version
12.6(1)ES4
Status
affected
Version
12.6(1)ES5
Status
affected
Version
12.5(2)
Status
affected
Version
12.5(1)_SU
Status
affected
Version
12.5(1)SU
Status
affected
Version
12.6(1)ES6
Status
affected
Version
12.5(1)SU ES1
Status
affected
Version
12.6(1)ES7
Status
affected
Version
12.6(1)ES7_ET
Status
affected
Version
12.6(2)
Status
affected
Version
12.6(1)ES8
Status
affected
Version
12.6(1)ES9
Status
affected
Version
12.6(2)ES1
Status
affected
Version
12.6(1)ES10
Status
affected
Version
12.5(1)SU ES2
Status
affected
Version
12.6(1)ES11
Status
affected
Version
12.6(2)ES2
Status
affected
Version
12.6(2)ES3
Status
affected
Version
12.5(1)SU ES3
Status
affected
Version
12.6(2)ES4
Status
affected
Version
12.6(2)ES5
Status
affected
Version
15.0(1)
Status
affected
Version
12.6(2)ES6
Status
affected
Version
15.0(1)ES202508
Status
affected
Version
15.0(1)ES202511
Status
affected
Version
15.0(1)ES202602
Status
affected
Version
15.0(1)SU1
Status
affected
Version
12.6(2)ES7
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.18% | 0.077 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@cisco.com | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
CWE-73 External Control of File Name or Path
The product allows user input to control or influence paths or file names that are used in filesystem operations.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-finesse-rfi-gwpkdc89