Lucene search

CiscoCVELIST:CVE-2020-26075

HistoryNov 18, 2020 - 5:40 p.m.

CVE-2020-26075 Cisco IoT Field Network REST API Insufficient Input Validation Vulnerability

2020-11-1817:40:24

CWE-89

cisco

www.cve.org

cisco iot field network

api

input validation

vulnerability

remote attacker

database

CVSS3

6.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

AI Score

8.7

Confidence

High

EPSS

0.003

Percentile

68.0%

JSON

A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to gain access to the back-end database of an affected device. The vulnerability is due to insufficient input validation of REST API requests that are made to an affected device. An attacker could exploit this vulnerability by crafting malicious API requests to the affected device. A successful exploit could allow the attacker to gain access to the back-end database of the affected device.

CNA Affected

[
  {
    "product": "Cisco IoT Field Network Director (IoT-FND)",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-FND-SQL-zEkBnL2h