CVE-2026-20175 | THREATINT

Description

A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user session on an affected device, possibly leading to browser-based attacks. This vulnerability is due to insufficient validation of user-supplied input for HTTP requests that are sent to an affected device. An attacker who has knowledge of the address of the affected device could exploit this vulnerability by persuading a user to click a crafted link that contains the affected device address. A successful exploit could allow the attacker to conduct browser-based attacks and execute arbitrary script code in the context of the affected interface or access sensitive information on the affected device.

PUBLISHED Reserved 2025-10-08 | Published 2026-06-03 | Updated 2026-06-03 | Assigner cisco

MEDIUM: 6.1CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Problem types

External Control of File Name or Path

Product status

Default status

unknown

11.0(1)ES_Rollback

affected

10.5(1)ES4

affected

11.6(1)ES3

affected

11.0(1)ES2

affected

12.0(1)ES2

affected

10.5(1)ES3

affected

11.0(1)

affected

11.6(1)FIPS

affected

11.6(1)ES4

affected

11.0(1)ES3

affected

10.5(1)ES6

affected

11.0(1)ES7

affected

11.5(1)ES4

affected

10.5(1)ES8

affected

11.5(1)

affected

11.6(1)

affected

10.5(1)ES10

affected

11.6(1)ES2

affected

11.6(1)ES

affected

11.0(1)ES6

affected

11.0(1)ES4

affected

12.0(1)

affected

11.6(1)ES7

affected

10.5(1)ES7

affected

11.6(1)ES8

affected

11.5(1)ES1

affected

11.6(1)ES1

affected

11.5(1)ES5

affected

11.0(1)ES1

affected

10.5(1)

affected

11.6(1)ES6

affected

10.5(1)ES2

affected

12.0(1)ES1

affected

11.0(1)ES5

affected

10.5(1)ES5

affected

11.5(1)ES3

affected

11.5(1)ES2

affected

10.5(1)ES9

affected

11.6(1)ES5

affected

11.6(1)ES9

affected

11.5(1)ES6

affected

10.5(1)ES1

affected

12.5(1)

affected

12.0(1)ES3

affected

11.6(1)ES10

affected

12.5(1)ES1

affected

12.5(1)ES2

affected

12.0(1)ES4

affected

12.5(1)ES3

affected

12.0(1)ES5

affected

12.5(1)ES4

affected

12.0(1)ES6

affected

12.5(1)ES5

affected

12.5(1)ES6

affected

12.0(1)ES7

affected

12.6(1)

affected

12.5(1)ES7

affected

11.6(1)ES11

affected

12.6(1)ES1

affected

12.0(1)ES8

affected

12.5(1)ES8

affected

12.6(1)ES2

affected

12.6(1)ES3

affected

12.6(1)ES4

affected

12.6(1)ES5

affected

12.5(2)

affected

12.5(1)_SU

affected

12.5(1)SU

affected

12.6(1)ES6

affected

12.5(1)SU ES1

affected

12.6(1)ES7

affected

12.6(1)ES7_ET

affected

12.6(2)

affected

12.6(1)ES8

affected

12.6(1)ES9

affected

12.6(2)ES1

affected

12.6(1)ES10

affected

12.5(1)SU ES2

affected

12.6(1)ES11

affected

12.6(2)ES2

affected

12.6(2)ES3

affected

12.5(1)SU ES3

affected

12.6(2)ES4

affected

12.6(2)ES5

affected

15.0(1)

affected

12.6(2)ES6

affected

15.0(1)ES202508

affected

15.0(1)ES202511

affected

15.0(1)ES202602

affected

15.0(1)SU1

affected

12.6(2)ES7

affected

References

sec.cloudapps.cisco.com/...ory/cisco-sa-finesse-rfi-gwpkdc89 (cisco-sa-finesse-rfi-gwpkdc89)

cve.org (CVE-2026-20175)

nvd.nist.gov (CVE-2026-20175)

Download JSON