Cisco Finesse and Cisco Virtualized Voice Browser OpenSocial Gadget Editor Vulnerabilities (CVE-2021-1245 & CVE-2021-1246)
CVE numbers: CVE-2021-1245 and CVE-2021-1246
Multiple vulnerabilities in the web-based management interface of Cisco Finesse and Cisco Virtualized Voice Browser could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack and obtain potentially confidential information by leveraging a flaw in the authentication mechanism.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
Vulnerable Products
At the time of publication, these vulnerabilities affected Cisco Finesse releases earlier than Release 12.0(1) ES3 and Release 12.5(1).
At the time of publication, these vulnerabilities affected Cisco Virtualized Voice Browser releases earlier than Release 12.6(1).
Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.