SB2026060402 - Remote file inclusion in Cisco Finesse




Published: June 4, 2026

Security Bulletin ID: SB2026060402
CSH Severity: Medium
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

Medium 100%

Description

This security bulletin contains information about 1 vulnerability.


1) External Control of File Name or Path (CVE-ID: CVE-2026-20175)

CWE-ID: CWE-73 - External Control of File Name or Path

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to execute arbitrary script code in the context of the affected interface or disclose sensitive information.

The vulnerability exists due to external control of a file name or path in HTTP request handling in Cisco Finesse when it processes user-supplied input in crafted links sent to an affected device. A remote attacker can persuade a user to click a crafted link that contains the address of the affected device and thereby execute arbitrary script code in the context of the affected interface or disclose sensitive information.

Exploitation requires user interaction: the user must click a crafted link.


Remediation

Install the update from the vendor's website.