Lucene search

CiscoCVELIST:CVE-2020-26080

HistoryNov 18, 2020 - 5:40 p.m.

CVE-2020-26080 Cisco IoT Field Network Director Improper Domain Access Control Vulnerability

2020-11-1817:40:46

CWE-284

cisco

www.cve.org

cisco

iot

field network director

domain access control

vulnerability

user management

json payloads

remote attacker

authenticated

exploit

CVSS3

4.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N

AI Score

4.4

Confidence

High

EPSS

0.001

Percentile

31.8%

JSON

A vulnerability in the user management functionality of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to manage user information for users in different domains on an affected system. The vulnerability is due to improper domain access control. An attacker could exploit this vulnerability by manipulating JSON payloads to target different domains on an affected system. A successful exploit could allow the attacker to manage user information for users in different domains on an affected system.

CNA Affected

[
  {
    "product": "Cisco IoT Field Network Director (IoT-FND)",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-FND-UPWD-dCRPuQ78

CVSS3

4.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N

AI Score

4.4

Confidence

High

EPSS

0.001

Percentile

31.8%

JSON

Related for CVELIST:CVE-2020-26080