The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Cisco Unified CCX: open redirect via Finesse

Synthesis of the vulnerability 

An attacker can deceive the user via Finesse of Cisco Unified CCX, in order to redirect him to a malicious site.
Impacted software: Cisco Unified CCX.
Severity of this computer vulnerability: 1/4.
Creation date: 19/05/2021.
Références of this announce: cisco-sa-finesse-opn-rdrct-epDeh7R, CSCvw09349, CSCvy20394, CSCvy20396, CSCvy20403, CVE-2021-1358, VIGILANCE-VUL-35488.

Description of the vulnerability 

An attacker can deceive the user via Finesse of Cisco Unified CCX, in order to redirect him to a malicious site.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This threat bulletin impacts software or systems such as Cisco Unified CCX.

Our Vigil@nce team determined that the severity of this computer threat bulletin is low.

The trust level is of type confirmed by the editor, with an origin of internet client.

An attacker with a expert ability can exploit this computer threat.

Solutions for this threat 

Cisco Unified CCX: solution CSCvw09349 CSCvy20394 CSCvy20396 CSCvy20403.
The solution is described on the Cisco site:
  https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw09349
  https://tools.cisco.com/bugsearch/bug/CSCvw09349
  https://tools.cisco.com/quickview/bug/CSCvw09349
  https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvy20394
  https://tools.cisco.com/bugsearch/bug/CSCvy20394
  https://tools.cisco.com/quickview/bug/CSCvy20394
  https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvy20396
  https://tools.cisco.com/bugsearch/bug/CSCvy20396
  https://tools.cisco.com/quickview/bug/CSCvy20396
  https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvy20403
  https://tools.cisco.com/bugsearch/bug/CSCvy20403
  https://tools.cisco.com/quickview/bug/CSCvy20403
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides a cybersecurity announce. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system.