PT-2020-4953 · Cisco · Cisco Iot Field Network Director

Published

2020-11-18

Updated

2020-11-28

CVE-2020-26076

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Cisco IoT Field Network Director (affected versions not specified)

Description: The issue is related to insufficient authentication procedures for sensitive information in the REST API interface of Cisco IoT Field Network Director. This could allow a remote attacker to gain unauthorized access to protected information. An attacker can exploit this by sending crafted commands to an affected device, potentially allowing them to view sensitive database information.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-497CWE-200

Related Identifiers

BDU:2020-05528

CVE-2020-26076

Affected Products

Cisco Iot Field Network Director

PT-2020-4953 · Cisco · Cisco Iot Field Network Director

CVE-2020-26076

Weakness Enumeration

Related Identifiers

Affected Products

References · 6