6.1

CVE-2026-20175

Medienbericht

Cisco Finesse File Inclusion Vulnerability

A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user session on an affected device, possibly leading to browser-based attacks.

This vulnerability is due to insufficient validation of user-supplied input for HTTP requests that are sent to an affected device. An attacker who has knowledge of the address of the affected device could exploit this vulnerability by persuading a user to click a crafted link that contains the affected device address. A successful exploit could allow the attacker to conduct browser-based attacks and execute arbitrary script code in the context of the affected interface or access sensitive information on the affected device.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerCisco
Produkt Cisco Finesse
Default Statusunknown
Version 11.0(1)ES_Rollback
Status affected
Version 10.5(1)ES4
Status affected
Version 11.6(1)ES3
Status affected
Version 11.0(1)ES2
Status affected
Version 12.0(1)ES2
Status affected
Version 10.5(1)ES3
Status affected
Version 11.0(1)
Status affected
Version 11.6(1)FIPS
Status affected
Version 11.6(1)ES4
Status affected
Version 11.0(1)ES3
Status affected
Version 10.5(1)ES6
Status affected
Version 11.0(1)ES7
Status affected
Version 11.5(1)ES4
Status affected
Version 10.5(1)ES8
Status affected
Version 11.5(1)
Status affected
Version 11.6(1)
Status affected
Version 10.5(1)ES10
Status affected
Version 11.6(1)ES2
Status affected
Version 11.6(1)ES
Status affected
Version 11.0(1)ES6
Status affected
Version 11.0(1)ES4
Status affected
Version 12.0(1)
Status affected
Version 11.6(1)ES7
Status affected
Version 10.5(1)ES7
Status affected
Version 11.6(1)ES8
Status affected
Version 11.5(1)ES1
Status affected
Version 11.6(1)ES1
Status affected
Version 11.5(1)ES5
Status affected
Version 11.0(1)ES1
Status affected
Version 10.5(1)
Status affected
Version 11.6(1)ES6
Status affected
Version 10.5(1)ES2
Status affected
Version 12.0(1)ES1
Status affected
Version 11.0(1)ES5
Status affected
Version 10.5(1)ES5
Status affected
Version 11.5(1)ES3
Status affected
Version 11.5(1)ES2
Status affected
Version 10.5(1)ES9
Status affected
Version 11.6(1)ES5
Status affected
Version 11.6(1)ES9
Status affected
Version 11.5(1)ES6
Status affected
Version 10.5(1)ES1
Status affected
Version 12.5(1)
Status affected
Version 12.0(1)ES3
Status affected
Version 11.6(1)ES10
Status affected
Version 12.5(1)ES1
Status affected
Version 12.5(1)ES2
Status affected
Version 12.0(1)ES4
Status affected
Version 12.5(1)ES3
Status affected
Version 12.0(1)ES5
Status affected
Version 12.5(1)ES4
Status affected
Version 12.0(1)ES6
Status affected
Version 12.5(1)ES5
Status affected
Version 12.5(1)ES6
Status affected
Version 12.0(1)ES7
Status affected
Version 12.6(1)
Status affected
Version 12.5(1)ES7
Status affected
Version 11.6(1)ES11
Status affected
Version 12.6(1)ES1
Status affected
Version 12.0(1)ES8
Status affected
Version 12.5(1)ES8
Status affected
Version 12.6(1)ES2
Status affected
Version 12.6(1)ES3
Status affected
Version 12.6(1)ES4
Status affected
Version 12.6(1)ES5
Status affected
Version 12.5(2)
Status affected
Version 12.5(1)_SU
Status affected
Version 12.5(1)SU
Status affected
Version 12.6(1)ES6
Status affected
Version 12.5(1)SU ES1
Status affected
Version 12.6(1)ES7
Status affected
Version 12.6(1)ES7_ET
Status affected
Version 12.6(2)
Status affected
Version 12.6(1)ES8
Status affected
Version 12.6(1)ES9
Status affected
Version 12.6(2)ES1
Status affected
Version 12.6(1)ES10
Status affected
Version 12.5(1)SU ES2
Status affected
Version 12.6(1)ES11
Status affected
Version 12.6(2)ES2
Status affected
Version 12.6(2)ES3
Status affected
Version 12.5(1)SU ES3
Status affected
Version 12.6(2)ES4
Status affected
Version 12.6(2)ES5
Status affected
Version 15.0(1)
Status affected
Version 12.6(2)ES6
Status affected
Version 15.0(1)ES202508
Status affected
Version 15.0(1)ES202511
Status affected
Version 15.0(1)ES202602
Status affected
Version 15.0(1)SU1
Status affected
Version 12.6(2)ES7
Status affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.18% 0.077
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
psirt@cisco.com 6.1 2.8 2.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CWE-73 External Control of File Name or Path

The product allows user input to control or influence paths or file names that are used in filesystem operations.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
05.06.2026 12:52
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-finesse-rfi-gwpkdc89