Lucene search
K
CiscoIot Field Network Director

20 matches found

CVE
CVE
added 2023/10/10 12:0 a.m.5304 views

CVE-2023-44487

CVE-2023-44487 – HTTP/2 Rapid Reset DoS Root cause: HTTP/2 stream resets can cause servers to continue processing, leading to unbounded resource consumption and potential DoS when clients rapidly cancel streams. What’s affected: Various HTTP/2 implementations and deployments, including servers, p...

7.5CVSS8AI score0.99999EPSS
In wild
CVE
CVE
added 2020/04/15 8:10 p.m.87 views

CVE-2020-3162

CVE-2020-3162 affects Cisco IoT Field Network Director. The vulnerability exists in the CoAP implementation and stems from insufficient input validation of incoming CoAP traffic, allowing an unauthenticated remote attacker to send a malformed CoAP packet and force the CoAP server to stop, causing...

7.5CVSS7.5AI score0.01665EPSS
CVE
CVE
added 2019/01/23 11:0 p.m.80 views

CVE-2019-1644

CVE-2019-1644 affects Cisco IoT Field Network Director (IoT-FND). The issue is a resource-management error in the UDP ingress path that lets an unauthenticated, remote attacker send a high rate of UDP packets to exhaust system resources, causing a DoS. Affected component is the UDP protocol handl...

7.5CVSS7.5AI score0.02299EPSS
CVE
CVE
added 2019/08/08 7:30 a.m.71 views

CVE-2019-1957

Cisco IoT Field Network Director exposes a TLS renegotiation handling flaw in its web interface that an unauthenticated, remote attacker can exploit by sending renegotiation requests at a high rate, causing high CPU usage and DoS. This is documented across multiple sources (NVD/NVD CVE entry and ...

7.8CVSS6.1AI score0.01967EPSS
CVE
CVE
added 2020/11/18 5:40 p.m.69 views

CVE-2020-26072

Cisco IoT Field Network Director (FND) SOAP API has an authorization bypass vulnerability (CVE-2020-26072). An authenticated, remote attacker can send SOAP requests to devices outside their authorized domain, due to insufficient SOAP API authorization. Impact: attacker could access and modify inf...

8.7CVSS8.5AI score0.01EPSS
CVE
CVE
added 2018/05/17 3:0 a.m.62 views

CVE-2018-0270

CVE-2018-0270 describes a CSRF vulnerability in the web-based management interface of Cisco IoT Field Network Director (IoT-FND) that could let an unauthenticated, remote attacker perform arbitrary actions with the privileges of the logged-in user by tricking them into following a malicious link....

8.8CVSS8.8AI score0.00719EPSS
CVE
CVE
added 2020/11/18 5:40 p.m.60 views

CVE-2020-26077

CVE-2020-26077 concerns Cisco IoT Field Network Director (FND) and describes an access-control error that could let an authenticated, remote attacker view user lists from different domains. The flaw arises when an API request alters the domain for a requested user list, enabling cross-domain expo...

5CVSS4.6AI score0.00747EPSS
CVE
CVE
added 2020/11/18 5:40 p.m.59 views

CVE-2020-26075

Cisco IoT Field Network Director (FND) REST API suffers from insufficient input validation, enabling authenticated remote attackers to craft malicious API requests and potentially access the device’s back-end database (SQL‑injection-like effect). Affected component is the REST API of FND; impact ...

9CVSS7AI score0.01565EPSS
CVE
CVE
added 2020/11/18 5:40 p.m.59 views

CVE-2020-26081

Cisco IoT Field Network Director (FND) web UI is affected by CVE-2020-26081, a cross-site scripting vulnerability due to insufficient validation of user-supplied input. An unauthenticated, remote attacker could lure a user to click a crafted link to execute arbitrary script in the interface or ac...

6.1CVSS6.2AI score0.00791EPSS
CVE
CVE
added 2020/11/18 5:41 p.m.58 views

CVE-2020-3392

Cisco IoT Field Network Director (IoT-FND) is affected by CVE-2020-3392 due to API calls not being authenticated. An unauthenticated, remote attacker can send API requests to view sensitive information about managed devices. The root cause is improper API authentication. Cisco Cisco Security Advi...

7.5CVSS7.4AI score0.01528EPSS
CVE
CVE
added 2020/11/18 5:40 p.m.57 views

CVE-2020-26076

Cisco IoT Field Network Director (FND) information-disclosure vulnerability (CVE-2020-26076) allows an unauthenticated remote attacker to view sensitive database information by sending crafted curl commands. Affected releases before Cisco’s advisory fix; Cisco has released software updates to add...

7.5CVSS6.2AI score0.01319EPSS
CVE
CVE
added 2020/11/18 5:41 p.m.57 views

CVE-2020-3531

Cisco IoT Field Network Director (FND) is affected by an unauthenticated REST API vulnerability. The REST API fails to properly authenticate calls, enabling an attacker to obtain a CSRF token and perform REST requests that read, alter, or drop data in the back‑end database. Impact is high (unauth...

10CVSS9.6AI score0.02173EPSS
CVE
CVE
added 2019/02/21 9:0 p.m.56 views

CVE-2019-1698

The CVE-2019-1698 issue affects Cisco IoT Field Network Director (IoT-FND) Web UI. It stems from improper handling of XML External Entity (XXE) entries when parsing certain XML files, allowing an authenticated, remote attacker to read files stored on the affected system. Impact is read access to ...

4.9CVSS5AI score0.03122EPSS
CVE
CVE
added 2017/09/07 9:0 p.m.55 views

CVE-2017-6780

CVE-2017-6780 describes a memory-exhaustion DoS in Cisco IoT Field Network Director (IoT-FND) due to insufficient rate-limiting in the TCP throttling path. An unauthenticated, remote attacker can send high-rate TCP traffic to a set of open ports, causing the device to consume memory and eventuall...

7.8CVSS7.5AI score0.01738EPSS
CVE
CVE
added 2020/11/18 5:40 p.m.50 views

CVE-2020-26080

CVE-2020-26080 affects Cisco IoT Field Network Director (FND). The issue arises from improper domain access control in the user management feature, allowing an authenticated, remote attacker to manipulate JSON payloads to manage user information for users in different domains on an affected syste...

4.1CVSS4.3AI score0.0071EPSS
CVE
CVE
added 2020/11/18 5:40 p.m.49 views

CVE-2020-26078

The CVE-2020-26078 issue affects Cisco IoT Field Network Director (FND). Affected products: FND versions prior to 4.6.1. Root cause: insufficient file system protections allowing an authenticated, remote attacker to overwrite files via crafted API requests. Impact: potential file overwrites on th...

6.5CVSS5.4AI score0.01434EPSS
CVE
CVE
added 2020/11/18 5:40 p.m.48 views

CVE-2020-26079

Cisco IoT Field Network Director (FND) web UI contains a credentials protection flaw (CVE-2020-26079) that allows an authenticated admin to retrieve password hashes from an affected device due to insufficient protection of user credentials. Affected product/version details are noted in multiple s...

4.9CVSS4.6AI score0.00963EPSS
CVE
CVE
added 2026/05/06 4:15 p.m.20 views

CVE-2026-20167

Cisco IoT Field Network Director exposes a web-based management interface flaw where an authenticated, low-privilege attacker can trigger a DoS on a remotely managed router. The root cause is improper error handling, with crafted input potentially causing the router to reload by requesting unauth...

7.7CVSS5.8AI score0.00272EPSS
CVE
CVE
added 2026/05/06 4:15 p.m.18 views

CVE-2026-20168

Cisco IoT Field Network Director’s web-based management interface is affected by a path traversal vulnerability caused by insufficient file access checks. An authenticated, low-privilege remote attacker could submit crafted input via the web UI to read files they are not authorized to access, imp...

6.5CVSS5.8AI score0.00272EPSS
CVE
CVE
added 2026/05/06 4:15 p.m.13 views

CVE-2026-20169

Cisco IoT Field Network Director exposes a CVE-2026-20169 vulnerability in its web-based management interface. The issue stems from insufficient input validation of user-supplied data, allowing an authenticated, low-privilege attacker to access files and execute limited commands on a remote route...

6.4CVSS5.9AI score0.0021EPSS