ID

VAR-201610-0290


CVE

CVE-2016-6442


TITLE

Cisco Finesse Agent and supervisor desktop cross-site request forgery vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2016-005696

DESCRIPTION

A vulnerability in Cisco Finesse Agent and Supervisor Desktop Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. More Information: CSCvb57213. Known Affected Releases: 11.0(1). Cisco Finesse is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCvb57213. Cisco Finesse is a set of next-generation customer collaboration service solutions from Cisco. The solution supports the integration of traditional contact center functions into thin-client agent and management desktops, as well as quick and easy access to multiple assets and information sources.

Trust: 1.98

sources: NVD: CVE-2016-6442 // JVNDB: JVNDB-2016-005696 // BID: 93519 // VULHUB: VHN-95262

AFFECTED PRODUCTS

vendor: cisco, model: finesse, scope: eq, version: 11.0\(1\)_base

Trust: 1.6

vendor: cisco, model: finesse, scope: eq, version: 11.0(1)

Trust: 0.8

vendor: cisco, model: finesse, scope: eq, version: 0

Trust: 0.3

sources: BID: 93519 // JVNDB: JVNDB-2016-005696 // CNNVD: CNNVD-201610-328 // NVD: CVE-2016-6442

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-6442
value: HIGH

Trust: 1.0

NVD: CVE-2016-6442
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201610-328
value: MEDIUM

Trust: 0.6

VULHUB: VHN-95262
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-6442
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-95262
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-6442
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-95262 // JVNDB: JVNDB-2016-005696 // CNNVD: CNNVD-201610-328 // NVD: CVE-2016-6442

PROBLEMTYPE DATA

problemtype: CWE-352

Trust: 1.9

sources: VULHUB: VHN-95262 // JVNDB: JVNDB-2016-005696 // NVD: CVE-2016-6442

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201610-328

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201610-328

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-005696

PATCH

title: cisco-sa-20161012-fin, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-fin

Trust: 0.8

sources: JVNDB: JVNDB-2016-005696

EXTERNAL IDS

db: NVD, id: CVE-2016-6442

Trust: 2.8

db: BID, id: 93519

Trust: 2.0

db: SECTRACK, id: 1037004

Trust: 1.1

db: JVNDB, id: JVNDB-2016-005696

Trust: 0.8

db: CNNVD, id: CNNVD-201610-328

Trust: 0.7

db: VULHUB, id: VHN-95262

Trust: 0.1

sources: VULHUB: VHN-95262 // BID: 93519 // JVNDB: JVNDB-2016-005696 // CNNVD: CNNVD-201610-328 // NVD: CVE-2016-6442

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161012-fin

Trust: 2.0

url:http://www.securityfocus.com/bid/93519

Trust: 1.7

url:http://www.securitytracker.com/id/1037004

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6442

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6442

Trust: 0.8

url:http://www.cisco.com

Trust: 0.3

sources: VULHUB: VHN-95262 // BID: 93519 // JVNDB: JVNDB-2016-005696 // CNNVD: CNNVD-201610-328 // NVD: CVE-2016-6442

CREDITS

Cisco

Trust: 0.9

sources: BID: 93519 // CNNVD: CNNVD-201610-328

SOURCES

db: VULHUB, id: VHN-95262
db: BID, id: 93519
db: JVNDB, id: JVNDB-2016-005696
db: CNNVD, id: CNNVD-201610-328
db: NVD, id: CVE-2016-6442

LAST UPDATE DATE

2024-11-23T21:54:26.566000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-95262, date: 2017-07-29T00:00:00
db: BID, id: 93519, date: 2016-10-26T09:05:00
db: JVNDB, id: JVNDB-2016-005696, date: 2016-11-04T00:00:00
db: CNNVD, id: CNNVD-201610-328, date: 2016-10-28T00:00:00
db: NVD, id: CVE-2016-6442, date: 2024-11-21T02:56:08.507

SOURCES RELEASE DATE

db: VULHUB, id: VHN-95262, date: 2016-10-27T00:00:00
db: BID, id: 93519, date: 2016-10-12T00:00:00
db: JVNDB, id: JVNDB-2016-005696, date: 2016-11-04T00:00:00
db: CNNVD, id: CNNVD-201610-328, date: 2016-10-14T00:00:00
db: NVD, id: CVE-2016-6442, date: 2016-10-27T21:59:13.767