PT-2020-4663 · Cisco · Cisco Edge Fog Fabric

Published

2020-11-04

Updated

2020-11-19

CVE-2020-26084

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions Cisco Edge Fog Fabric (affected versions not specified)

Description A vulnerability in the REST API of Cisco Edge Fog Fabric could allow an authenticated, remote attacker to access files outside of their authorization sphere on an affected device. The vulnerability is due to incorrect authorization enforcement on an affected system. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exposure of Resource to Wrong Sphere

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-668

Related Identifiers

BDU:2020-05215

CVE-2020-26084

Affected Products

Cisco Edge Fog Fabric

PT-2020-4663 · Cisco · Cisco Edge Fog Fabric

CVE-2020-26084

Weakness Enumeration

Related Identifiers

Affected Products

References · 6