Cisco Family June 2024 First Round Security Update Advisory
Overview
Cisco(https://www.cisco.com) has released a security update that fixes vulnerabilities in products it has been made. Users of affected systems are advised to update to the latest version.
Affected Products
Cisco Finesse 11.6(1) up to and including ES11
Cisco Finesse 12.6(2) up to and including ES01
Cisco Packaged Contact Center Enterprise
Cisco Unified Contact Center Enterprise
Cisco Unified Contact Center Express
Resolved Vulnerabilities
Vulnerability in Cisco Finesse, Cisco Unified Contact Center Express, Cisco Packaged Contact Center Enterprise, and Cisco Unified Contact Center Enterprise due to insufficient validation of user input to obtain restricted and sensitive information about services associated with the affected device (CVE-2024-20404, CVSS 7.2) [1]
Stored XSS exploitable Remote File Inclusion (RFI) vulnerability in the web-based administration interface of Cisco Finesse (CVE-2024-20405, CVSS 4.8) [1]
Vulnerability Patches
Product-specific vulnerability patches were made available in the June 5, 2024 update. Please refer to the ‘Affected Products’ and ‘Fixed Software’ in the product-specific information in the Referenced Sites below to apply the patches.
Cisco Finesse 12.6(2) ES03 Version
Referenced Sites
[1] Cisco Finesse Web-Based Management Interface Vulnerabilities