{"api_version":"1","generated_at":"2026-06-04T19:43:27+00:00","cve":"CVE-2026-20175","urls":{"html":"https://cve.report/CVE-2026-20175","api":"https://cve.report/api/cve/CVE-2026-20175.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-20175","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-20175"},"summary":{"title":"Cisco Finesse File Inclusion Vulnerability","description":"A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user session on an affected device, possibly leading to browser-based attacks.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input for HTTP requests that are sent to an affected device. An attacker who has knowledge of the address of the affected device could exploit this vulnerability by persuading a user to click a crafted link that contains the affected device address. A successful exploit could allow the attacker to conduct browser-based attacks and execute arbitrary script code in the context of the affected interface or access sensitive information on the affected device.","state":"PUBLISHED","assigner":"cisco","published_at":"2026-06-03 18:16:19","updated_at":"2026-06-04 13:54:40"},"problem_types":["CWE-73","CWE-73 External Control of File Name or Path"],"metrics":[{"version":"3.1","source":"psirt@cisco.com","type":"Primary","score":"6.1","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"CVSSV3_1","score":"6.1","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","version":"3.1"}}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-finesse-rfi-gwpkdc89","name":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-finesse-rfi-gwpkdc89","refsource":"psirt@cisco.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-20175","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-20175","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 11.0(1)ES_Rollback","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 10.5(1)ES4","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 11.6(1)ES3","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 11.0(1)ES2","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 12.0(1)ES2","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 10.5(1)ES3","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 11.0(1)","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 11.6(1)FIPS","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 11.6(1)ES4","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 11.0(1)ES3","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 10.5(1)ES6","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 11.0(1)ES7","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 11.5(1)ES4","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 10.5(1)ES8","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 11.5(1)","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 11.6(1)","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 10.5(1)ES10","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 11.6(1)ES2","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 11.6(1)ES","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 11.0(1)ES6","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 11.0(1)ES4","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 12.0(1)","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 11.6(1)ES7","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 10.5(1)ES7","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 11.6(1)ES8","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 11.5(1)ES1","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 11.6(1)ES1","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 11.5(1)ES5","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 11.0(1)ES1","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 10.5(1)","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 11.6(1)ES6","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 10.5(1)ES2","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 12.0(1)ES1","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 11.0(1)ES5","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 10.5(1)ES5","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 11.5(1)ES3","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 11.5(1)ES2","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 10.5(1)ES9","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 11.6(1)ES5","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 11.6(1)ES9","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 11.5(1)ES6","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 10.5(1)ES1","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 12.5(1)","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 12.0(1)ES3","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 11.6(1)ES10","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 12.5(1)ES1","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 12.5(1)ES2","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 12.0(1)ES4","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 12.5(1)ES3","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 12.0(1)ES5","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 12.5(1)ES4","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 12.0(1)ES6","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 12.5(1)ES5","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 12.5(1)ES6","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 12.0(1)ES7","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 12.6(1)","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 12.5(1)ES7","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 11.6(1)ES11","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 12.6(1)ES1","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 12.0(1)ES8","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 12.5(1)ES8","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 12.6(1)ES2","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 12.6(1)ES3","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 12.6(1)ES4","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 12.6(1)ES5","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 12.5(2)","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 12.5(1)_SU","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 12.5(1)SU","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 12.6(1)ES6","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 12.5(1)SU ES1","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 12.6(1)ES7","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 12.6(1)ES7_ET","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 12.6(2)","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 12.6(1)ES8","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 12.6(1)ES9","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 12.6(2)ES1","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 12.6(1)ES10","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 12.5(1)SU ES2","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 12.6(1)ES11","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 12.6(2)ES2","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 12.6(2)ES3","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 12.5(1)SU ES3","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 12.6(2)ES4","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 12.6(2)ES5","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 15.0(1)","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 12.6(2)ES6","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 15.0(1)ES202508","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 15.0(1)ES202511","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 15.0(1)ES202602","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 15.0(1)SU1","platforms":[]},{"source":"CNA","vendor":"Cisco","product":"Cisco Finesse","version":"affected 12.6(2)ES7","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[{"source":"CNA","title":"","value":"The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.","time":"","lang":"en"}],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-20175","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-06-03T17:45:48.882718Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-06-03T17:46:00.557Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unknown","product":"Cisco Finesse","vendor":"Cisco","versions":[{"status":"affected","version":"11.0(1)ES_Rollback"},{"status":"affected","version":"10.5(1)ES4"},{"status":"affected","version":"11.6(1)ES3"},{"status":"affected","version":"11.0(1)ES2"},{"status":"affected","version":"12.0(1)ES2"},{"status":"affected","version":"10.5(1)ES3"},{"status":"affected","version":"11.0(1)"},{"status":"affected","version":"11.6(1)FIPS"},{"status":"affected","version":"11.6(1)ES4"},{"status":"affected","version":"11.0(1)ES3"},{"status":"affected","version":"10.5(1)ES6"},{"status":"affected","version":"11.0(1)ES7"},{"status":"affected","version":"11.5(1)ES4"},{"status":"affected","version":"10.5(1)ES8"},{"status":"affected","version":"11.5(1)"},{"status":"affected","version":"11.6(1)"},{"status":"affected","version":"10.5(1)ES10"},{"status":"affected","version":"11.6(1)ES2"},{"status":"affected","version":"11.6(1)ES"},{"status":"affected","version":"11.0(1)ES6"},{"status":"affected","version":"11.0(1)ES4"},{"status":"affected","version":"12.0(1)"},{"status":"affected","version":"11.6(1)ES7"},{"status":"affected","version":"10.5(1)ES7"},{"status":"affected","version":"11.6(1)ES8"},{"status":"affected","version":"11.5(1)ES1"},{"status":"affected","version":"11.6(1)ES1"},{"status":"affected","version":"11.5(1)ES5"},{"status":"affected","version":"11.0(1)ES1"},{"status":"affected","version":"10.5(1)"},{"status":"affected","version":"11.6(1)ES6"},{"status":"affected","version":"10.5(1)ES2"},{"status":"affected","version":"12.0(1)ES1"},{"status":"affected","version":"11.0(1)ES5"},{"status":"affected","version":"10.5(1)ES5"},{"status":"affected","version":"11.5(1)ES3"},{"status":"affected","version":"11.5(1)ES2"},{"status":"affected","version":"10.5(1)ES9"},{"status":"affected","version":"11.6(1)ES5"},{"status":"affected","version":"11.6(1)ES9"},{"status":"affected","version":"11.5(1)ES6"},{"status":"affected","version":"10.5(1)ES1"},{"status":"affected","version":"12.5(1)"},{"status":"affected","version":"12.0(1)ES3"},{"status":"affected","version":"11.6(1)ES10"},{"status":"affected","version":"12.5(1)ES1"},{"status":"affected","version":"12.5(1)ES2"},{"status":"affected","version":"12.0(1)ES4"},{"status":"affected","version":"12.5(1)ES3"},{"status":"affected","version":"12.0(1)ES5"},{"status":"affected","version":"12.5(1)ES4"},{"status":"affected","version":"12.0(1)ES6"},{"status":"affected","version":"12.5(1)ES5"},{"status":"affected","version":"12.5(1)ES6"},{"status":"affected","version":"12.0(1)ES7"},{"status":"affected","version":"12.6(1)"},{"status":"affected","version":"12.5(1)ES7"},{"status":"affected","version":"11.6(1)ES11"},{"status":"affected","version":"12.6(1)ES1"},{"status":"affected","version":"12.0(1)ES8"},{"status":"affected","version":"12.5(1)ES8"},{"status":"affected","version":"12.6(1)ES2"},{"status":"affected","version":"12.6(1)ES3"},{"status":"affected","version":"12.6(1)ES4"},{"status":"affected","version":"12.6(1)ES5"},{"status":"affected","version":"12.5(2)"},{"status":"affected","version":"12.5(1)_SU"},{"status":"affected","version":"12.5(1)SU"},{"status":"affected","version":"12.6(1)ES6"},{"status":"affected","version":"12.5(1)SU ES1"},{"status":"affected","version":"12.6(1)ES7"},{"status":"affected","version":"12.6(1)ES7_ET"},{"status":"affected","version":"12.6(2)"},{"status":"affected","version":"12.6(1)ES8"},{"status":"affected","version":"12.6(1)ES9"},{"status":"affected","version":"12.6(2)ES1"},{"status":"affected","version":"12.6(1)ES10"},{"status":"affected","version":"12.5(1)SU ES2"},{"status":"affected","version":"12.6(1)ES11"},{"status":"affected","version":"12.6(2)ES2"},{"status":"affected","version":"12.6(2)ES3"},{"status":"affected","version":"12.5(1)SU ES3"},{"status":"affected","version":"12.6(2)ES4"},{"status":"affected","version":"12.6(2)ES5"},{"status":"affected","version":"15.0(1)"},{"status":"affected","version":"12.6(2)ES6"},{"status":"affected","version":"15.0(1)ES202508"},{"status":"affected","version":"15.0(1)ES202511"},{"status":"affected","version":"15.0(1)ES202602"},{"status":"affected","version":"15.0(1)SU1"},{"status":"affected","version":"12.6(2)ES7"}]}],"descriptions":[{"lang":"en","value":"A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user session on an affected device, possibly leading to browser-based attacks.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input for HTTP requests that are sent to an affected device. An attacker who has knowledge of the address of the affected device could exploit this vulnerability by persuading a user to click a crafted link that contains the affected device address. A successful exploit could allow the attacker to conduct browser-based attacks and execute arbitrary script code in the context of the affected interface or access sensitive information on the affected device."}],"exploits":[{"lang":"en","value":"The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","version":"3.1"},"format":"cvssV3_1"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-73","description":"External Control of File Name or Path","lang":"en","type":"cwe"}]}],"providerMetadata":{"dateUpdated":"2026-06-03T16:06:15.233Z","orgId":"d1c1063e-7a18-46af-9102-31f8928bc633","shortName":"cisco"},"references":[{"name":"cisco-sa-finesse-rfi-gwpkdc89","url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-finesse-rfi-gwpkdc89"}],"source":{"advisory":"cisco-sa-finesse-rfi-gwpkdc89","defects":["CSCws76655"],"discovery":"EXTERNAL"},"title":"Cisco Finesse File Inclusion Vulnerability"}},"cveMetadata":{"assignerOrgId":"d1c1063e-7a18-46af-9102-31f8928bc633","assignerShortName":"cisco","cveId":"CVE-2026-20175","datePublished":"2026-06-03T16:06:15.233Z","dateReserved":"2025-10-08T11:59:15.392Z","dateUpdated":"2026-06-03T17:46:00.557Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-06-03 18:16:19","lastModifiedDate":"2026-06-04 13:54:40","problem_types":["CWE-73","CWE-73 External Control of File Name or Path"],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"20175","Ordinal":"1","Title":"Cisco Finesse File Inclusion Vulnerability","CVE":"CVE-2026-20175","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"20175","Ordinal":"1","NoteData":"A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user session on an affected device, possibly leading to browser-based attacks.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input for HTTP requests that are sent to an affected device. An attacker who has knowledge of the address of the affected device could exploit this vulnerability by persuading a user to click a crafted link that contains the affected device address. A successful exploit could allow the attacker to conduct browser-based attacks and execute arbitrary script code in the context of the affected interface or access sensitive information on the affected device.","Type":"Description","Title":"Cisco Finesse File Inclusion Vulnerability"}]}}}