Lucene search
+L

19 matches found

Tenable Nessus
Tenable Nessus
added 2023/11/23 12:0 a.m.60 views

Cisco IoT Field Network Director DoS (cisco-sa-http2-reset-d8Kf32vZ)

The version of Cisco IoT Field Network Director IoT-FND, formerly Connected Grid Network Management System, installed on the remote host is prior to 4.11.0. It is, therefore, affected by a denial of service DoS vulnerability, due to a HTTP/2 protocol-level weakness. The HTTP/2 protocol allows a...

7.5CVSS7.2AI score0.99999EPSS
Exploits20References3
Tenable Nessus
Tenable Nessus
added 2020/11/24 12:0 a.m.18 views

Cisco IoT Field Network Director Unauthenticated REST API (cisco-sa-FND-BCK-GHkPNZ5F)

A Rest API vulnerability exists in Cisco IoT Field Network Director IoT-FND due to IoT-FND not properly authenticating REST API calls. An unauthenticated, remote attacker can exploit this, by obtaining a cross-site request forgery CSRF token and then using the token with REST API requests, to...

10CVSS8.2AI score0.02173EPSS
Exploits0References4
NVD
NVD
added 2020/11/18 7:15 p.m.15 views

CVE-2020-3531

A vulnerability in the REST API of Cisco IoT Field Network Director FND could allow an unauthenticated, remote attacker to access the back-end database of an affected system. The vulnerability exists because the affected software does not properly authenticate REST API calls. An attacker could...

10CVSS9.6AI score0.02173EPSS
Exploits0References1
Prion
Prion
added 2020/11/18 7:15 p.m.24 views

Cross site request forgery (csrf)

A vulnerability in the REST API of Cisco IoT Field Network Director FND could allow an unauthenticated, remote attacker to access the back-end database of an affected system. The vulnerability exists because the affected software does not properly authenticate REST API calls. An attacker could...

10CVSS9.3AI score0.02173EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2020/11/18 6:15 p.m.18 views

CVE-2020-26080

A vulnerability in the user management functionality of Cisco IoT Field Network Director FND could allow an authenticated, remote attacker to manage user information for users in different domains on an affected system. The vulnerability is due to improper domain access control. An attacker could...

4.1CVSS4.3AI score0.0071EPSS
Exploits0References1
NVD
NVD
added 2020/11/18 6:15 p.m.18 views

CVE-2020-3392

A vulnerability in the API of Cisco IoT Field Network Director FND could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnerability exists because the affected software does not properly authenticate API calls. An attacker could exploit this...

7.5CVSS7.4AI score0.01528EPSS
Exploits0References1
NVD
NVD
added 2020/11/18 6:15 p.m.17 views

CVE-2020-26072

A vulnerability in the SOAP API of Cisco IoT Field Network Director FND could allow an authenticated, remote attacker to access and modify information on devices that belong to a different domain. The vulnerability is due to insufficient authorization in the SOAP API. An attacker could exploit th...

8.7CVSS8.5AI score0.01EPSS
Exploits0References1
NVD
NVD
added 2020/11/18 6:15 p.m.20 views

CVE-2020-26079

A vulnerability in the web UI of Cisco IoT Field Network Director FND could allow an authenticated, remote attacker to obtain hashes of user passwords on an affected device. The vulnerability is due to insufficient protection of user credentials. An attacker could exploit this vulnerability by...

4.9CVSS4.6AI score0.00963EPSS
Exploits0References1
Prion
Prion
added 2020/11/18 6:15 p.m.14 views

Design/Logic Flaw

A vulnerability in the user management functionality of Cisco IoT Field Network Director FND could allow an authenticated, remote attacker to manage user information for users in different domains on an affected system. The vulnerability is due to improper domain access control. An attacker could...

4CVSS4.5AI score0.0071EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/11/18 6:15 p.m.14 views

Cross site scripting

Multiple vulnerabilities in the web UI of Cisco IoT Field Network Director FND could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks against users on an affected system. The vulnerabilities are due to insufficient validation of user-supplied input that is...

4.3CVSS6AI score0.00791EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/11/18 6:15 p.m.14 views

Authorization

A vulnerability in the SOAP API of Cisco IoT Field Network Director FND could allow an authenticated, remote attacker to access and modify information on devices that belong to a different domain. The vulnerability is due to insufficient authorization in the SOAP API. An attacker could exploit th...

5.5CVSS8.4AI score0.01EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/11/18 6:15 p.m.14 views

Improper access control

A vulnerability in the access control functionality of Cisco IoT Field Network Director FND could allow an authenticated, remote attacker to view lists of users from different domains that are configured on an affected system. The vulnerability is due to improper access control. An attacker could...

4CVSS4.6AI score0.00747EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/11/18 5:40 p.m.29 views

CVE-2020-26077 Cisco IoT Field Network Director Improper Access Control Vulnerability

A vulnerability in the access control functionality of Cisco IoT Field Network Director FND could allow an authenticated, remote attacker to view lists of users from different domains that are configured on an affected system. The vulnerability is due to improper access control. An attacker could...

5CVSS4.6AI score0.00747EPSS
Exploits0References1
Prion
Prion
added 2019/02/21 9:29 p.m.21 views

Xxe

A vulnerability in the web-based user interface of Cisco Internet of Things Field Network Director IoT-FND Software could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External...

4CVSS5AI score0.03122EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2019/01/23 11:29 p.m.20 views

Race condition

A vulnerability in the UDP protocol implementation for Cisco IoT Field Network Director IoT-FND could allow an unauthenticated, remote attacker to exhaust system resources, resulting in a denial of service DoS condition. The vulnerability is due to improper resource management for UDP ingress...

5CVSS7.5AI score0.02299EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2019/01/23 11:29 p.m.18 views

CVE-2019-1644

A vulnerability in the UDP protocol implementation for Cisco IoT Field Network Director IoT-FND could allow an unauthenticated, remote attacker to exhaust system resources, resulting in a denial of service DoS condition. The vulnerability is due to improper resource management for UDP ingress...

7.5CVSS7.5AI score0.02299EPSS
Exploits0References2
NVD
NVD
added 2018/05/17 3:29 a.m.20 views

CVE-2018-0270

A vulnerability in the web-based management interface of Cisco IoT Field Network Director IoT-FND could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack and alter the data of existing users and groups on an affected device. The vulnerability is due to...

8.8CVSS8.9AI score0.00719EPSS
Exploits0References2
Prion
Prion
added 2017/09/07 9:29 p.m.18 views

Memory corruption

A vulnerability in the TCP throttling process for Cisco IoT Field Network Director IoT-FND could allow an unauthenticated, remote attacker to cause the system to consume additional memory, eventually forcing the device to restart, aka Memory Exhaustion. The vulnerability is due to insufficient...

7.8CVSS7.5AI score0.01738EPSS
Exploits0References2Affected Software2
Cisco
Cisco
added 2017/09/06 4:0 p.m.43 views

Cisco IoT Field Network Director Memory Exhaustion Denial of Service Vulnerability

A vulnerability in the TCP throttling process for Cisco IoT Field Network Director IoT-FND could allow an unauthenticated, remote attacker to cause the system to consume additional memory, eventually forcing the device to restart. The vulnerability is due to insufficient rate-limiting protection...

7.5CVSS7.5AI score0.01738EPSS
Exploits0References1
Rows per page
Query Builder