Lucene search

CiscoCVELIST:CVE-2020-26078

HistoryNov 18, 2020 - 12:00 a.m.

CVE-2020-26078 Cisco IoT Field Network Director File Overwrite Vulnerability

2020-11-1800:00:00

CWE-73

cisco

www.cve.org

cisco iot field network director

file system

vulnerability

authenticated remote attacker

overwrite files

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

46.8%

JSON

A vulnerability in the file system of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to overwrite files on an affected system. The vulnerability is due to insufficient file system protections. An attacker could exploit this vulnerability by crafting API requests and sending them to an affected system. A successful exploit could allow the attacker to overwrite files on an affected system.

CNA Affected

[
  {
    "product": "Cisco IoT Field Network Director (IoT-FND) ",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-FND-OVW-SHzOE3Pd

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

46.8%

JSON

Related for CVELIST:CVE-2020-26078