PT-2020-4911 · Cisco · Cisco Iot Field Network Director

Published

2020-11-18

Updated

2020-11-25

CVE-2020-26072

CVSS v3.1

8.7

High

Vector

AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Cisco IoT Field Network Director (affected versions not specified)

Description: The issue is related to insufficient authorization in the SOAP API of Cisco IoT Field Network Director, allowing an authenticated, remote attacker to access and modify information on devices that belong to a different domain. This can be achieved by sending specially crafted SOAP API requests to affected devices for devices outside their authorized domain. A successful exploit could allow the attacker to access and modify information on devices that belong to a different domain.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-269

Related Identifiers

BDU:2020-05486

CVE-2020-26072

Affected Products

Cisco Iot Field Network Director

PT-2020-4911 · Cisco · Cisco Iot Field Network Director

CVE-2020-26072

Weakness Enumeration

Related Identifiers

Affected Products

References · 6