PT-2020-4894 · Cisco · Cisco Iot Field Network Director

Published

2020-11-18

Updated

2020-12-01

CVE-2020-3392

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Cisco IoT Field Network Director (affected versions not specified)

Description: A vulnerability in the API of Cisco IoT Field Network Director could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The issue exists due to the software's failure to properly authenticate API calls. An attacker could exploit this by sending API requests to an affected system, potentially allowing them to view sensitive information, including details about managed devices, without authentication.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

BDU:2020-05469

CVE-2020-3392

Affected Products

Cisco Iot Field Network Director

PT-2020-4894 · Cisco · Cisco Iot Field Network Director

CVE-2020-3392

Weakness Enumeration

Related Identifiers

Affected Products

References · 5