CVE-2016-1373: SSRF
First published: Thu May 05 2016(Updated: )
The gadgets-integration API in Cisco Finesse 8.5(1) through 8.5(5), 8.6(1), 9.0(1), 9.0(2), 9.1(1), 9.1(1)SU1, 9.1(1)SU1.1, 9.1(1)ES1 through 9.1(1)ES5, 10.0(1), 10.0(1)SU1, 10.0(1)SU1.1, 10.5(1), 10.5(1)ES1 through 10.5(1)ES4, 10.5(1)SU1, 10.5(1)SU1.1, 10.5(1)SU1.7, 10.6(1), 10.6(1)SU1, 10.6(1)SU2, and 11.0(1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCuw86623.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Finesse | =8.5\(1\)_base | |
| Cisco Finesse | =8.5\(2\)_base | |
| Cisco Finesse | =8.5\(3\)_base | |
| Cisco Finesse | =8.5\(4\)_base | |
| Cisco Finesse | =8.5\(5\)_base | |
| Cisco Finesse | =8.6\(1\)_base | |
| Cisco Finesse | =9.0\(1\)_base | |
| Cisco Finesse | =9.0\(2\)_base | |
| Cisco Finesse | =9.1\(1\)_base | |
| Cisco Finesse | =9.1\(1\)_es1 | |
| Cisco Finesse | =9.1\(1\)_es2 | |
| Cisco Finesse | =9.1\(1\)_es3 | |
| Cisco Finesse | =9.1\(1\)_es4 | |
| Cisco Finesse | =9.1\(1\)_es5 | |
| Cisco Finesse | =9.1\(1\)_su1 | |
| Cisco Finesse | =9.1\(1\)_su1.1 | |
| Cisco Finesse | =10.0\(1\)_base | |
| Cisco Finesse | =10.0\(1\)_su1 | |
| Cisco Finesse | =10.0\(1\)_su1.1 | |
| Cisco Finesse | =10.5\(1\)_base | |
| Cisco Finesse | =10.5\(1\)_es1 | |
| Cisco Finesse | =10.5\(1\)_es2 | |
| Cisco Finesse | =10.5\(1\)_es3 | |
| Cisco Finesse | =10.5\(1\)_es4 | |
| Cisco Finesse | =10.5\(1\)_su1 | |
| Cisco Finesse | =10.5\(1\)_su1.1 | |
| Cisco Finesse | =10.5\(1\)_su1.7 | |
| Cisco Finesse | =10.6\(1\)_base | |
| Cisco Finesse | =10.6\(1\)_su1 | |
| Cisco Finesse | =10.6\(1\)_su2 | |
| Cisco Finesse | =11.0\(1\)_base |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-1373?
CVE-2016-1373 has been rated as a moderate severity vulnerability.
How do I fix CVE-2016-1373?
To remediate CVE-2016-1373, upgrade to a fixed version of Cisco Finesse as recommended in the Cisco Security Advisory.
What versions of Cisco Finesse are affected by CVE-2016-1373?
CVE-2016-1373 affects multiple versions of Cisco Finesse, including 8.5(1) through 8.5(5), 8.6(1), and 9.0(1) to 11.0(1).
What type of vulnerability is CVE-2016-1373?
CVE-2016-1373 is a vulnerability in the gadgets-integration API of Cisco Finesse.
Are there any known exploits for CVE-2016-1373?
As of the latest updates, there are no publicly available exploits specifically targeting CVE-2016-1373.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/author
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/cisco
- canonical/cisco finesse
- version/cisco finesse/8.5\(1\)_base
- version/cisco finesse/8.5\(2\)_base
- version/cisco finesse/8.5\(3\)_base
- version/cisco finesse/8.5\(4\)_base
- version/cisco finesse/8.5\(5\)_base
- version/cisco finesse/8.6\(1\)_base
- version/cisco finesse/9.0\(1\)_base
- version/cisco finesse/9.0\(2\)_base
- version/cisco finesse/9.1\(1\)_base
- version/cisco finesse/9.1\(1\)_es1
- version/cisco finesse/9.1\(1\)_es2
- version/cisco finesse/9.1\(1\)_es3
- version/cisco finesse/9.1\(1\)_es4
- version/cisco finesse/9.1\(1\)_es5
- version/cisco finesse/9.1\(1\)_su1
- version/cisco finesse/9.1\(1\)_su1.1
- version/cisco finesse/10.0\(1\)_base
- version/cisco finesse/10.0\(1\)_su1
- version/cisco finesse/10.0\(1\)_su1.1
- version/cisco finesse/10.5\(1\)_base
- version/cisco finesse/10.5\(1\)_es1
- version/cisco finesse/10.5\(1\)_es2
- version/cisco finesse/10.5\(1\)_es3
- version/cisco finesse/10.5\(1\)_es4
- version/cisco finesse/10.5\(1\)_su1
- version/cisco finesse/10.5\(1\)_su1.1
- version/cisco finesse/10.5\(1\)_su1.7
- version/cisco finesse/10.6\(1\)_base
- version/cisco finesse/10.6\(1\)_su1
- version/cisco finesse/10.6\(1\)_su2
- version/cisco finesse/11.0\(1\)_base