Cisco IoT Field Network Director DoS (cisco-sa-http2-reset-d8Kf32vZ)

The version of Cisco IoT Field Network Director IoT-FND, formerly Connected Grid Network Management System, installed on the remote host is prior to 4.11.0. It is, therefore, affected by a denial of service DoS vulnerability, due to a HTTP/2 protocol-level weakness. The HTTP/2 protocol allows a...

Cisco IoT Field Network Director Unauthenticated REST API (cisco-sa-FND-BCK-GHkPNZ5F)

A Rest API vulnerability exists in Cisco IoT Field Network Director IoT-FND due to IoT-FND not properly authenticating REST API calls. An unauthenticated, remote attacker can exploit this, by obtaining a cross-site request forgery CSRF token and then using the token with REST API requests, to...

CVE-2020-3531

A vulnerability in the REST API of Cisco IoT Field Network Director FND could allow an unauthenticated, remote attacker to access the back-end database of an affected system. The vulnerability exists because the affected software does not properly authenticate REST API calls. An attacker could...

Cross site request forgery (csrf)

A vulnerability in the REST API of Cisco IoT Field Network Director FND could allow an unauthenticated, remote attacker to access the back-end database of an affected system. The vulnerability exists because the affected software does not properly authenticate REST API calls. An attacker could...

CVE-2020-26080

A vulnerability in the user management functionality of Cisco IoT Field Network Director FND could allow an authenticated, remote attacker to manage user information for users in different domains on an affected system. The vulnerability is due to improper domain access control. An attacker could...

CVE-2020-3392

A vulnerability in the API of Cisco IoT Field Network Director FND could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnerability exists because the affected software does not properly authenticate API calls. An attacker could exploit this...

CVE-2020-26078

A vulnerability in the file system of Cisco IoT Field Network Director FND could allow an authenticated, remote attacker to overwrite files on an affected system. The vulnerability is due to insufficient file system protections. An attacker could exploit this vulnerability by crafting API request...

CVE-2020-26072

A vulnerability in the SOAP API of Cisco IoT Field Network Director FND could allow an authenticated, remote attacker to access and modify information on devices that belong to a different domain. The vulnerability is due to insufficient authorization in the SOAP API. An attacker could exploit th...

CVE-2020-26079

A vulnerability in the web UI of Cisco IoT Field Network Director FND could allow an authenticated, remote attacker to obtain hashes of user passwords on an affected device. The vulnerability is due to insufficient protection of user credentials. An attacker could exploit this vulnerability by...

Authorization

A vulnerability in the SOAP API of Cisco IoT Field Network Director FND could allow an authenticated, remote attacker to access and modify information on devices that belong to a different domain. The vulnerability is due to insufficient authorization in the SOAP API. An attacker could exploit th...

Design/Logic Flaw

A vulnerability in the user management functionality of Cisco IoT Field Network Director FND could allow an authenticated, remote attacker to manage user information for users in different domains on an affected system. The vulnerability is due to improper domain access control. An attacker could...

Cross site scripting

Multiple vulnerabilities in the web UI of Cisco IoT Field Network Director FND could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks against users on an affected system. The vulnerabilities are due to insufficient validation of user-supplied input that is...

Improper access control

A vulnerability in the access control functionality of Cisco IoT Field Network Director FND could allow an authenticated, remote attacker to view lists of users from different domains that are configured on an affected system. The vulnerability is due to improper access control. An attacker could...

CVE-2020-26077 Cisco IoT Field Network Director Improper Access Control Vulnerability

A vulnerability in the access control functionality of Cisco IoT Field Network Director FND could allow an authenticated, remote attacker to view lists of users from different domains that are configured on an affected system. The vulnerability is due to improper access control. An attacker could...

Xxe

A vulnerability in the web-based user interface of Cisco Internet of Things Field Network Director IoT-FND Software could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External...

CVE-2019-1698 Cisco IoT Field Network Director XML External Entity Vulnerability

A vulnerability in the web-based user interface of Cisco Internet of Things Field Network Director IoT-FND Software could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External...

Cisco IoT Field Network Director XML External Entity Vulnerability

A vulnerability in the web-based user interface of Cisco Internet of Things Field Network Director IoT-FND Software could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External...

Race condition

A vulnerability in the UDP protocol implementation for Cisco IoT Field Network Director IoT-FND could allow an unauthenticated, remote attacker to exhaust system resources, resulting in a denial of service DoS condition. The vulnerability is due to improper resource management for UDP ingress...

CVE-2019-1644

A vulnerability in the UDP protocol implementation for Cisco IoT Field Network Director IoT-FND could allow an unauthenticated, remote attacker to exhaust system resources, resulting in a denial of service DoS condition. The vulnerability is due to improper resource management for UDP ingress...

CVE-2019-1644 Cisco IoT Field Network Director Resource Exhaustion Denial of Service Vulnerability

A vulnerability in the UDP protocol implementation for Cisco IoT Field Network Director IoT-FND could allow an unauthenticated, remote attacker to exhaust system resources, resulting in a denial of service DoS condition. The vulnerability is due to improper resource management for UDP ingress...