A vulnerability in Cisco Finesse could allow an authenticated, remote malicious user to gain access to sensitive information or cause a denial of service (DoS) condition. The vulnerability is due to improper processing of XML files by an affected device. An authenticated, remote attacker could exploit this vulnerability by sending a malicious XML file to the affected device. Processing the malicious XML file could cause the device to consume excessive amounts of CPU and memory resources that could trigger a DoS condition. The attacker could also gain access to sensitive information on the device, which could be leveraged to conduct further attacks. Cisco has confirmed the vulnerability; however, software updates are not available. To exploit this vulnerability, an attacker must authenticate to the targeted device. This access requirement may reduce the likelihood of a successful exploit.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
cisco finesse 10.5\\(1\\)_base |
Vulmon