CVE-2024-20404
HIGH EXPLOITED NUCLEI
Cisco Finesse - Unauthenticated Server-Side Request Forgery
Title source: llm
Exploitation Summary
CVE-2024-20404 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits from researchers including 3zz4t. A Nuclei detection template is also available.
AI-analyzed exploit summary
The repository provides a functional proof-of-concept for CVE-2024-20404, demonstrating an SSRF vulnerability in Cisco Finesse's web-based management interface. It includes a crafted HTTP request to exploit insufficient input validation, allowing unauthenticated remote attackers to probe internal services.
Description
A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct an SSRF attack on an affected system. This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are sent to an affected system. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to obtain limited sensitive information for services that are associated with the affected device.
Exploits (2)
The repository provides a functional proof-of-concept for CVE-2024-20404, demonstrating an SSRF vulnerability in Cisco Finesse's web-based management interface. It includes a crafted HTTP request to exploit insufficient input validation, allowing unauthenticated remote attackers to probe internal services.
The repository provides a functional PoC for CVE-2024-20404, an SSRF vulnerability in Cisco Finesse's web-based management interface. It includes a crafted HTTP request to exploit insufficient input validation, allowing unauthenticated remote attackers to probe internal services.
Nuclei Templates (1)
title:"Cisco Finesse" port:8445
title="Cisco Finesse" && port="8445"
References (1)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N