cvelistv5 - cve-2016-6442

CVE-2016-6442 (GCVE-0-2016-6442)

Vulnerability from cvelistv5

Published

2016-10-27 21:00

Modified

2024-08-06 01:29

Severity ?

CWE

unspecified

Summary

References

URL

	Vendor	Product	Version
	n/a	Cisco Finesse 11.0(1)	Version: Cisco Finesse 11.0(1)

CERTFR-2016-AVI-343

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco Prime Infrastructure
Cisco	N/A	Cisco Evolved Programmable Network Manager
Cisco	N/A	Cisco Finesse
Cisco	N/A	Acano Server versions antérieures à 1.8.18 et 1.9.6 avec XMPP activé
Cisco	N/A	Cisco cBR-8 Converged Broadband Routers versions 3.17S, 3.17S, 3.18.0S, 3.18.1S, 3.18.0SP
Cisco	Unified Communications Manager	Cisco Unified Communications Manager (CUCM)
Cisco	N/A	Cisco Wide Area Application Services (WAAS)
Cisco	N/A	Cisco Meeting Server versions antérieures à 2.0.6 avec XMPP activé

References

Title

Publication Time

fkie_cve-2016-6442

Vulnerability from fkie_nvd

Published

2016-10-27 21:59

Modified

2025-04-12 10:46

Severity ?

8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
psirt@cisco.com	http://www.securityfocus.com/bid/93519
psirt@cisco.com	http://www.securitytracker.com/id/1037004
psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-fin	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/93519
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1037004
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-fin	Vendor Advisory

Impacted products

	Vendor	Product	Version
	cisco	finesse	11.0\(1\)_base

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:finesse:11.0\\(1\\)_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F430C6D-24ED-4FB9-9F34-16F0A9CBEE2D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in Cisco Finesse Agent and Supervisor Desktop Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. More Information: CSCvb57213. Known Affected Releases: 11.0(1)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en Cisco Finesse Agent y Supervisor Desktop Software podr\u00eda permitir a un atacante remoto no autenticado llevar a cabo un ataque CSRF contra el usuario de la interfaz webs. M\u00e1s informaci\u00f3n: CSCvb57213. Lanzamientos conocidos afectados: 11.0(1)."
    }
  ],
  "id": "CVE-2016-6442",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-10-27T21:59:13.767",
  "references": [
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/93519"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1037004"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-fin"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/93519"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037004"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-fin"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

var-201610-0290

Vulnerability from variot

A vulnerability in Cisco Finesse Agent and Supervisor Desktop Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. More Information: CSCvb57213. Known Affected Releases: 11.0(1). Cisco Finesse is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCvb57213. Cisco Finesse is a set of next-generation customer collaboration service solutions from Cisco. The solution supports the integration of traditional contact center functions into agent and management desktops of thin client desktops, as well as quick and easy access to multiple assets and information sources

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201610-0290",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "finesse",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "11.0\\(1\\)_base"
      },
      {
        "model": "finesse",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "11.0(1)"
      },
      {
        "model": "finesse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "93519"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005696"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-328"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6442"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:cisco:finesse",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005696"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "93519"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-328"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2016-6442",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2016-6442",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-95262",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2016-6442",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2016-6442",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2016-6442",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201610-328",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-95262",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95262"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005696"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-328"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6442"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability in Cisco Finesse Agent and Supervisor Desktop Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. More Information: CSCvb57213. Known Affected Releases: 11.0(1). Cisco Finesse is prone to a cross-site request-forgery vulnerability. \nExploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. \nThis issue is being tracked by Cisco Bug ID CSCvb57213. Cisco Finesse is a set of next-generation customer collaboration service solutions from Cisco. The solution supports the integration of traditional contact center functions into agent and management desktops of thin client desktops, as well as quick and easy access to multiple assets and information sources",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-6442"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005696"
      },
      {
        "db": "BID",
        "id": "93519"
      },
      {
        "db": "VULHUB",
        "id": "VHN-95262"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-6442",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "93519",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1037004",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005696",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-328",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-95262",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95262"
      },
      {
        "db": "BID",
        "id": "93519"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005696"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-328"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6442"
      }
    ]
  },
  "id": "VAR-201610-0290",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95262"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T21:54:26.566000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20161012-fin",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-fin"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005696"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-352",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95262"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005696"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6442"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161012-fin"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/93519"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1037004"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6442"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6442"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95262"
      },
      {
        "db": "BID",
        "id": "93519"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005696"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-328"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6442"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-95262"
      },
      {
        "db": "BID",
        "id": "93519"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005696"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-328"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6442"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-10-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-95262"
      },
      {
        "date": "2016-10-12T00:00:00",
        "db": "BID",
        "id": "93519"
      },
      {
        "date": "2016-11-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-005696"
      },
      {
        "date": "2016-10-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201610-328"
      },
      {
        "date": "2016-10-27T21:59:13.767000",
        "db": "NVD",
        "id": "CVE-2016-6442"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-95262"
      },
      {
        "date": "2016-10-26T09:05:00",
        "db": "BID",
        "id": "93519"
      },
      {
        "date": "2016-11-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-005696"
      },
      {
        "date": "2016-10-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201610-328"
      },
      {
        "date": "2024-11-21T02:56:08.507000",
        "db": "NVD",
        "id": "CVE-2016-6442"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-328"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Finesse Agent and supervisor desktop cross-site request forgery vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005696"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "cross-site request forgery",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-328"
      }
    ],
    "trust": 0.6
  }
}

cnvd-2016-09461

Vulnerability from cnvd

Title

Cisco Finesse跨站请求伪造漏洞

Description

Cisco Finesse是美国思科（Cisco）公司的一套呼叫中心管理软件。该软件可提升呼叫中心服务质量、改善客户体验、提高客服代表满意度。 Cisco Finesse存在跨站请求伪造漏洞，允许远程攻击者利用该漏洞执行某些未经授权的操作和访问受影响的应用程序。

Severity

中

Patch Name

Cisco Finesse跨站请求伪造漏洞的补丁

Patch Description

Cisco Finesse是美国思科（Cisco）公司的一套呼叫中心管理软件。该软件可提升呼叫中心服务质量、改善客户体验、提高客服代表满意度。 Cisco Finesse存在跨站请求伪造漏洞，允许远程攻击者利用该漏洞执行某些未经授权的操作和访问受影响的应用程序。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-fin

Reference

http://www.securityfocus.com/bid/93519

Impacted products

Name
Cisco Finesse

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "93519"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-6442"
    }
  },
  "description": "Cisco Finesse\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957\u547c\u53eb\u4e2d\u5fc3\u7ba1\u7406\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u53ef\u63d0\u5347\u547c\u53eb\u4e2d\u5fc3\u670d\u52a1\u8d28\u91cf\u3001\u6539\u5584\u5ba2\u6237\u4f53\u9a8c\u3001\u63d0\u9ad8\u5ba2\u670d\u4ee3\u8868\u6ee1\u610f\u5ea6\u3002\r\n\r\nCisco Finesse\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u67d0\u4e9b\u672a\u7ecf\u6388\u6743\u7684\u64cd\u4f5c\u548c\u8bbf\u95ee\u53d7\u5f71\u54cd\u7684\u5e94\u7528\u7a0b\u5e8f\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a \r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-fin",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-09461",
  "openTime": "2016-10-19",
  "patchDescription": "Cisco Finesse\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957\u547c\u53eb\u4e2d\u5fc3\u7ba1\u7406\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u53ef\u63d0\u5347\u547c\u53eb\u4e2d\u5fc3\u670d\u52a1\u8d28\u91cf\u3001\u6539\u5584\u5ba2\u6237\u4f53\u9a8c\u3001\u63d0\u9ad8\u5ba2\u670d\u4ee3\u8868\u6ee1\u610f\u5ea6\u3002\r\n\r\nCisco Finesse\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u67d0\u4e9b\u672a\u7ecf\u6388\u6743\u7684\u64cd\u4f5c\u548c\u8bbf\u95ee\u53d7\u5f71\u54cd\u7684\u5e94\u7528\u7a0b\u5e8f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Finesse\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco Finesse"
  },
  "referenceLink": "http://www.securityfocus.com/bid/93519",
  "serverity": "\u4e2d",
  "submitTime": "2016-10-14",
  "title": "Cisco Finesse\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e"
}

ghsa-43vv-v8c6-frg3

Vulnerability from github

Published

2022-05-17 02:23

Modified

2022-05-17 02:23

Severity ?

8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-6442"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-352"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-10-27T21:59:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in Cisco Finesse Agent and Supervisor Desktop Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. More Information: CSCvb57213. Known Affected Releases: 11.0(1).",
  "id": "GHSA-43vv-v8c6-frg3",
  "modified": "2022-05-17T02:23:03Z",
  "published": "2022-05-17T02:23:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6442"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-fin"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/93519"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1037004"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

gsd-2016-6442

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2016-6442

Aliases

CVE-2016-6442

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-6442",
    "description": "A vulnerability in Cisco Finesse Agent and Supervisor Desktop Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. More Information: CSCvb57213. Known Affected Releases: 11.0(1).",
    "id": "GSD-2016-6442"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-6442"
      ],
      "details": "A vulnerability in Cisco Finesse Agent and Supervisor Desktop Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. More Information: CSCvb57213. Known Affected Releases: 11.0(1).",
      "id": "GSD-2016-6442",
      "modified": "2023-12-13T01:21:23.639673Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2016-6442",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cisco Finesse 11.0(1)",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Cisco Finesse 11.0(1)"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability in Cisco Finesse Agent and Supervisor Desktop Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. More Information: CSCvb57213. Known Affected Releases: 11.0(1)."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "unspecified"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1037004",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1037004"
          },
          {
            "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-fin",
            "refsource": "CONFIRM",
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-fin"
          },
          {
            "name": "93519",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/93519"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:finesse:11.0\\(1\\)_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-6442"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability in Cisco Finesse Agent and Supervisor Desktop Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. More Information: CSCvb57213. Known Affected Releases: 11.0(1)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-352"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-fin",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-fin"
            },
            {
              "name": "93519",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/93519"
            },
            {
              "name": "1037004",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1037004"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2017-07-29T01:34Z",
      "publishedDate": "2016-10-27T21:59Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2016-6442 (GCVE-0-2016-6442)

Vulnerability from cvelistv5

CERTFR-2016-AVI-343

Vulnerability from certfr_avis

Solution

fkie_cve-2016-6442

Vulnerability from fkie_nvd

var-201610-0290

Vulnerability from variot

cnvd-2016-09461

Vulnerability from cnvd

ghsa-43vv-v8c6-frg3

Vulnerability from github

gsd-2016-6442

Vulnerability from gsd

Tags

Sightings

Nomenclature