132 matches found
Design/Logic Flaw
A vulnerability in Cisco IoT Field Network Director FND could allow an unauthenticated, remote attacker to view sensitive database information on an affected device. The vulnerability is due to the absence of authentication for sensitive information. An attacker could exploit this vulnerability b...
Input validation
A vulnerability in the REST API of Cisco IoT Field Network Director FND could allow an authenticated, remote attacker to gain access to the back-end database of an affected device. The vulnerability is due to insufficient input validation of REST API requests that are made to an affected device. ...
CVE-2020-3531 Cisco IoT Field Network Director Unauthenticated REST API Vulnerability
A vulnerability in the REST API of Cisco IoT Field Network Director FND could allow an unauthenticated, remote attacker to access the back-end database of an affected system. The vulnerability exists because the affected software does not properly authenticate REST API calls. An attacker could...
CVE-2020-3531 Cisco IoT Field Network Director Unauthenticated REST API Vulnerability
A vulnerability in the REST API of Cisco IoT Field Network Director FND could allow an unauthenticated, remote attacker to access the back-end database of an affected system. The vulnerability exists because the affected software does not properly authenticate REST API calls. An attacker could...
CVE-2020-3531
Cisco IoT Field Network Director (FND) is affected by an unauthenticated REST API vulnerability. The REST API fails to properly authenticate calls, enabling an attacker to obtain a CSRF token and perform REST requests that read, alter, or drop data in the back‑end database. Impact is high (unauth...
CVE-2020-3392 Cisco IoT Field Network Director Missing API Authentication Vulnerability
A vulnerability in the API of Cisco IoT Field Network Director FND could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnerability exists because the affected software does not properly authenticate API calls. An attacker could exploit this...
CVE-2020-3392 Cisco IoT Field Network Director Missing API Authentication Vulnerability
A vulnerability in the API of Cisco IoT Field Network Director FND could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnerability exists because the affected software does not properly authenticate API calls. An attacker could exploit this...
CVE-2020-3392
Cisco IoT Field Network Director (IoT-FND) is affected by CVE-2020-3392 due to API calls not being authenticated. An unauthenticated, remote attacker can send API requests to view sensitive information about managed devices. The root cause is improper API authentication. Cisco Cisco Security Advi...
CVE-2020-26081 Cisco IoT Field Network Director Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in the web UI of Cisco IoT Field Network Director FND could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks against users on an affected system. The vulnerabilities are due to insufficient validation of user-supplied input that is...
CVE-2020-26081 Cisco IoT Field Network Director Cross-Site Scripting Vulnerabilities
Multiple vulnerabilities in the web UI of Cisco IoT Field Network Director FND could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks against users on an affected system. The vulnerabilities are due to insufficient validation of user-supplied input that is...
CVE-2020-26080 Cisco IoT Field Network Director Improper Domain Access Control Vulnerability
A vulnerability in the user management functionality of Cisco IoT Field Network Director FND could allow an authenticated, remote attacker to manage user information for users in different domains on an affected system. The vulnerability is due to improper domain access control. An attacker could...
CVE-2020-26080 Cisco IoT Field Network Director Improper Domain Access Control Vulnerability
A vulnerability in the user management functionality of Cisco IoT Field Network Director FND could allow an authenticated, remote attacker to manage user information for users in different domains on an affected system. The vulnerability is due to improper domain access control. An attacker could...
CVE-2020-26079 Cisco IoT Field Network Director Unprotected Storage of Credentials Vulnerability
A vulnerability in the web UI of Cisco IoT Field Network Director FND could allow an authenticated, remote attacker to obtain hashes of user passwords on an affected device. The vulnerability is due to insufficient protection of user credentials. An attacker could exploit this vulnerability by...
CVE-2020-26079 Cisco IoT Field Network Director Unprotected Storage of Credentials Vulnerability
A vulnerability in the web UI of Cisco IoT Field Network Director FND could allow an authenticated, remote attacker to obtain hashes of user passwords on an affected device. The vulnerability is due to insufficient protection of user credentials. An attacker could exploit this vulnerability by...
CVE-2020-26079
Cisco IoT Field Network Director (FND) web UI contains a credentials protection flaw (CVE-2020-26079) that allows an authenticated admin to retrieve password hashes from an affected device due to insufficient protection of user credentials. Affected product/version details are noted in multiple s...
CVE-2020-26078
The CVE-2020-26078 issue affects Cisco IoT Field Network Director (FND). Affected products: FND versions prior to 4.6.1. Root cause: insufficient file system protections allowing an authenticated, remote attacker to overwrite files via crafted API requests. Impact: potential file overwrites on th...
CVE-2020-26078 Cisco IoT Field Network Director File Overwrite Vulnerability
A vulnerability in the file system of Cisco IoT Field Network Director FND could allow an authenticated, remote attacker to overwrite files on an affected system. The vulnerability is due to insufficient file system protections. An attacker could exploit this vulnerability by crafting API request...
CVE-2020-26078 Cisco IoT Field Network Director File Overwrite Vulnerability
A vulnerability in the file system of Cisco IoT Field Network Director FND could allow an authenticated, remote attacker to overwrite files on an affected system. The vulnerability is due to insufficient file system protections. An attacker could exploit this vulnerability by crafting API request...
CVE-2020-26077 Cisco IoT Field Network Director Improper Access Control Vulnerability
A vulnerability in the access control functionality of Cisco IoT Field Network Director FND could allow an authenticated, remote attacker to view lists of users from different domains that are configured on an affected system. The vulnerability is due to improper access control. An attacker could...
CVE-2020-26076 Cisco IoT Field Network Director Information Disclosure Vulnerability
A vulnerability in Cisco IoT Field Network Director FND could allow an unauthenticated, remote attacker to view sensitive database information on an affected device. The vulnerability is due to the absence of authentication for sensitive information. An attacker could exploit this vulnerability b...