20 matches found
CVE-2023-44487
CVE-2023-44487 – HTTP/2 Rapid Reset DoS Root cause: HTTP/2 stream resets can cause servers to continue processing, leading to unbounded resource consumption and potential DoS when clients rapidly cancel streams. What’s affected: Various HTTP/2 implementations and deployments, including servers, p...
CVE-2020-3162
CVE-2020-3162 affects Cisco IoT Field Network Director. The vulnerability exists in the CoAP implementation and stems from insufficient input validation of incoming CoAP traffic, allowing an unauthenticated remote attacker to send a malformed CoAP packet and force the CoAP server to stop, causing...
CVE-2019-1644
CVE-2019-1644 affects Cisco IoT Field Network Director (IoT-FND). The issue is a resource-management error in the UDP ingress path that lets an unauthenticated, remote attacker send a high rate of UDP packets to exhaust system resources, causing a DoS. Affected component is the UDP protocol handl...
CVE-2019-1957
Cisco IoT Field Network Director exposes a TLS renegotiation handling flaw in its web interface that an unauthenticated, remote attacker can exploit by sending renegotiation requests at a high rate, causing high CPU usage and DoS. This is documented across multiple sources (NVD/NVD CVE entry and ...
CVE-2020-26072
Cisco IoT Field Network Director (FND) SOAP API has an authorization bypass vulnerability (CVE-2020-26072). An authenticated, remote attacker can send SOAP requests to devices outside their authorized domain, due to insufficient SOAP API authorization. Impact: attacker could access and modify inf...
CVE-2018-0270
CVE-2018-0270 describes a CSRF vulnerability in the web-based management interface of Cisco IoT Field Network Director (IoT-FND) that could let an unauthenticated, remote attacker perform arbitrary actions with the privileges of the logged-in user by tricking them into following a malicious link....
CVE-2020-26077
CVE-2020-26077 concerns Cisco IoT Field Network Director (FND) and describes an access-control error that could let an authenticated, remote attacker view user lists from different domains. The flaw arises when an API request alters the domain for a requested user list, enabling cross-domain expo...
CVE-2020-26075
Cisco IoT Field Network Director (FND) REST API suffers from insufficient input validation, enabling authenticated remote attackers to craft malicious API requests and potentially access the device’s back-end database (SQL‑injection-like effect). Affected component is the REST API of FND; impact ...
CVE-2020-26081
Cisco IoT Field Network Director (FND) web UI is affected by CVE-2020-26081, a cross-site scripting vulnerability due to insufficient validation of user-supplied input. An unauthenticated, remote attacker could lure a user to click a crafted link to execute arbitrary script in the interface or ac...
CVE-2020-3392
Cisco IoT Field Network Director (IoT-FND) is affected by CVE-2020-3392 due to API calls not being authenticated. An unauthenticated, remote attacker can send API requests to view sensitive information about managed devices. The root cause is improper API authentication. Cisco Cisco Security Advi...
CVE-2020-26076
Cisco IoT Field Network Director (FND) information-disclosure vulnerability (CVE-2020-26076) allows an unauthenticated remote attacker to view sensitive database information by sending crafted curl commands. Affected releases before Cisco’s advisory fix; Cisco has released software updates to add...
CVE-2020-3531
Cisco IoT Field Network Director (FND) is affected by an unauthenticated REST API vulnerability. The REST API fails to properly authenticate calls, enabling an attacker to obtain a CSRF token and perform REST requests that read, alter, or drop data in the back‑end database. Impact is high (unauth...
CVE-2019-1698
The CVE-2019-1698 issue affects Cisco IoT Field Network Director (IoT-FND) Web UI. It stems from improper handling of XML External Entity (XXE) entries when parsing certain XML files, allowing an authenticated, remote attacker to read files stored on the affected system. Impact is read access to ...
CVE-2017-6780
CVE-2017-6780 describes a memory-exhaustion DoS in Cisco IoT Field Network Director (IoT-FND) due to insufficient rate-limiting in the TCP throttling path. An unauthenticated, remote attacker can send high-rate TCP traffic to a set of open ports, causing the device to consume memory and eventuall...
CVE-2020-26080
CVE-2020-26080 affects Cisco IoT Field Network Director (FND). The issue arises from improper domain access control in the user management feature, allowing an authenticated, remote attacker to manipulate JSON payloads to manage user information for users in different domains on an affected syste...
CVE-2020-26078
The CVE-2020-26078 issue affects Cisco IoT Field Network Director (FND). Affected products: FND versions prior to 4.6.1. Root cause: insufficient file system protections allowing an authenticated, remote attacker to overwrite files via crafted API requests. Impact: potential file overwrites on th...
CVE-2020-26079
Cisco IoT Field Network Director (FND) web UI contains a credentials protection flaw (CVE-2020-26079) that allows an authenticated admin to retrieve password hashes from an affected device due to insufficient protection of user credentials. Affected product/version details are noted in multiple s...
CVE-2026-20167
Cisco IoT Field Network Director exposes a web-based management interface flaw where an authenticated, low-privilege attacker can trigger a DoS on a remotely managed router. The root cause is improper error handling, with crafted input potentially causing the router to reload by requesting unauth...
CVE-2026-20168
Cisco IoT Field Network Director’s web-based management interface is affected by a path traversal vulnerability caused by insufficient file access checks. An authenticated, low-privilege remote attacker could submit crafted input via the web UI to read files they are not authorized to access, imp...
CVE-2026-20169
Cisco IoT Field Network Director exposes a CVE-2026-20169 vulnerability in its web-based management interface. The issue stems from insufficient input validation of user-supplied data, allowing an authenticated, low-privilege attacker to access files and execute limited commands on a remote route...