Lucene search
+L

132 matches found

Prion
Prion
added 2020/11/18 6:15 p.m.15 views

Design/Logic Flaw

A vulnerability in Cisco IoT Field Network Director FND could allow an unauthenticated, remote attacker to view sensitive database information on an affected device. The vulnerability is due to the absence of authentication for sensitive information. An attacker could exploit this vulnerability b...

5CVSS7.6AI score0.01319EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/11/18 6:15 p.m.12 views

Input validation

A vulnerability in the REST API of Cisco IoT Field Network Director FND could allow an authenticated, remote attacker to gain access to the back-end database of an affected device. The vulnerability is due to insufficient input validation of REST API requests that are made to an affected device. ...

9CVSS8.7AI score0.01565EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/11/18 5:41 p.m.18 views

CVE-2020-3531 Cisco IoT Field Network Director Unauthenticated REST API Vulnerability

A vulnerability in the REST API of Cisco IoT Field Network Director FND could allow an unauthenticated, remote attacker to access the back-end database of an affected system. The vulnerability exists because the affected software does not properly authenticate REST API calls. An attacker could...

9.8CVSS9.5AI score0.02173EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2020/11/18 5:41 p.m.11 views

CVE-2020-3531 Cisco IoT Field Network Director Unauthenticated REST API Vulnerability

A vulnerability in the REST API of Cisco IoT Field Network Director FND could allow an unauthenticated, remote attacker to access the back-end database of an affected system. The vulnerability exists because the affected software does not properly authenticate REST API calls. An attacker could...

9.8CVSS7.1AI score0.02173EPSS
Exploits0References1
CVE
CVE
added 2020/11/18 5:41 p.m.57 views

CVE-2020-3531

Cisco IoT Field Network Director (FND) is affected by an unauthenticated REST API vulnerability. The REST API fails to properly authenticate calls, enabling an attacker to obtain a CSRF token and perform REST requests that read, alter, or drop data in the back‑end database. Impact is high (unauth...

10CVSS9.6AI score0.02173EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2020/11/18 5:41 p.m.10 views

CVE-2020-3392 Cisco IoT Field Network Director Missing API Authentication Vulnerability

A vulnerability in the API of Cisco IoT Field Network Director FND could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnerability exists because the affected software does not properly authenticate API calls. An attacker could exploit this...

7.5CVSS6.5AI score0.01528EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/11/18 5:41 p.m.20 views

CVE-2020-3392 Cisco IoT Field Network Director Missing API Authentication Vulnerability

A vulnerability in the API of Cisco IoT Field Network Director FND could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnerability exists because the affected software does not properly authenticate API calls. An attacker could exploit this...

7.5CVSS7.4AI score0.01528EPSS
Exploits0References1
CVE
CVE
added 2020/11/18 5:41 p.m.59 views

CVE-2020-3392

Cisco IoT Field Network Director (IoT-FND) is affected by CVE-2020-3392 due to API calls not being authenticated. An unauthenticated, remote attacker can send API requests to view sensitive information about managed devices. The root cause is improper API authentication. Cisco Cisco Security Advi...

7.5CVSS7.4AI score0.01528EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2020/11/18 5:40 p.m.9 views

CVE-2020-26081 Cisco IoT Field Network Director Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web UI of Cisco IoT Field Network Director FND could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks against users on an affected system. The vulnerabilities are due to insufficient validation of user-supplied input that is...

6.1CVSS6.1AI score0.00791EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/11/18 5:40 p.m.25 views

CVE-2020-26081 Cisco IoT Field Network Director Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web UI of Cisco IoT Field Network Director FND could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks against users on an affected system. The vulnerabilities are due to insufficient validation of user-supplied input that is...

6.1CVSS6.1AI score0.00791EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2020/11/18 5:40 p.m.6 views

CVE-2020-26080 Cisco IoT Field Network Director Improper Domain Access Control Vulnerability

A vulnerability in the user management functionality of Cisco IoT Field Network Director FND could allow an authenticated, remote attacker to manage user information for users in different domains on an affected system. The vulnerability is due to improper domain access control. An attacker could...

4.1CVSS6.7AI score0.0071EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/11/18 5:40 p.m.21 views

CVE-2020-26080 Cisco IoT Field Network Director Improper Domain Access Control Vulnerability

A vulnerability in the user management functionality of Cisco IoT Field Network Director FND could allow an authenticated, remote attacker to manage user information for users in different domains on an affected system. The vulnerability is due to improper domain access control. An attacker could...

4.1CVSS4.4AI score0.0071EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/11/18 5:40 p.m.18 views

CVE-2020-26079 Cisco IoT Field Network Director Unprotected Storage of Credentials Vulnerability

A vulnerability in the web UI of Cisco IoT Field Network Director FND could allow an authenticated, remote attacker to obtain hashes of user passwords on an affected device. The vulnerability is due to insufficient protection of user credentials. An attacker could exploit this vulnerability by...

4.1CVSS5.1AI score0.00963EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2020/11/18 5:40 p.m.10 views

CVE-2020-26079 Cisco IoT Field Network Director Unprotected Storage of Credentials Vulnerability

A vulnerability in the web UI of Cisco IoT Field Network Director FND could allow an authenticated, remote attacker to obtain hashes of user passwords on an affected device. The vulnerability is due to insufficient protection of user credentials. An attacker could exploit this vulnerability by...

4.1CVSS6.8AI score0.00963EPSS
Exploits0References1
CVE
CVE
added 2020/11/18 5:40 p.m.48 views

CVE-2020-26079

Cisco IoT Field Network Director (FND) web UI contains a credentials protection flaw (CVE-2020-26079) that allows an authenticated admin to retrieve password hashes from an affected device due to insufficient protection of user credentials. Affected product/version details are noted in multiple s...

4.9CVSS4.6AI score0.00963EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/11/18 5:40 p.m.49 views

CVE-2020-26078

The CVE-2020-26078 issue affects Cisco IoT Field Network Director (FND). Affected products: FND versions prior to 4.6.1. Root cause: insufficient file system protections allowing an authenticated, remote attacker to overwrite files via crafted API requests. Impact: potential file overwrites on th...

6.5CVSS5.4AI score0.01434EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2020/11/18 5:40 p.m.9 views

CVE-2020-26078 Cisco IoT Field Network Director File Overwrite Vulnerability

A vulnerability in the file system of Cisco IoT Field Network Director FND could allow an authenticated, remote attacker to overwrite files on an affected system. The vulnerability is due to insufficient file system protections. An attacker could exploit this vulnerability by crafting API request...

4.9CVSS6.8AI score0.01434EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/11/18 5:40 p.m.25 views

CVE-2020-26078 Cisco IoT Field Network Director File Overwrite Vulnerability

A vulnerability in the file system of Cisco IoT Field Network Director FND could allow an authenticated, remote attacker to overwrite files on an affected system. The vulnerability is due to insufficient file system protections. An attacker could exploit this vulnerability by crafting API request...

4.9CVSS6.4AI score0.01434EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2020/11/18 5:40 p.m.5 views

CVE-2020-26077 Cisco IoT Field Network Director Improper Access Control Vulnerability

A vulnerability in the access control functionality of Cisco IoT Field Network Director FND could allow an authenticated, remote attacker to view lists of users from different domains that are configured on an affected system. The vulnerability is due to improper access control. An attacker could...

5CVSS6.8AI score0.00747EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2020/11/18 5:40 p.m.10 views

CVE-2020-26076 Cisco IoT Field Network Director Information Disclosure Vulnerability

A vulnerability in Cisco IoT Field Network Director FND could allow an unauthenticated, remote attacker to view sensitive database information on an affected device. The vulnerability is due to the absence of authentication for sensitive information. An attacker could exploit this vulnerability b...

5.3CVSS7AI score0.01319EPSS
Exploits0References1
Rows per page
Query Builder