PT-2020-4910 · Cisco · Cisco Iot Field Network Director

Published

2020-11-18

Updated

2020-12-02

CVE-2020-3531

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Cisco IoT Field Network Director (affected versions not specified)

Description: A vulnerability in the REST API of Cisco IoT Field Network Director could allow an unauthenticated, remote attacker to access the back-end database of an affected system. The issue exists due to the software not properly authenticating REST API calls. An attacker could exploit this by obtaining a cross-site request forgery (CSRF) token and using it with REST API requests, potentially allowing access to the back-end database to read, alter, or drop information.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

BDU:2020-05485

CVE-2020-3531

Affected Products

Cisco Iot Field Network Director

PT-2020-4910 · Cisco · Cisco Iot Field Network Director

CVE-2020-3531

Weakness Enumeration

Related Identifiers

Affected Products

References · 5