
CVSS: 4.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

A vulnerability in the web UI of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to obtain hashes of user passwords on an affected device. The vulnerability is due to insufficient protection of user credentials. An attacker could exploit this vulnerability by logging in as an administrative user and crafting a call for user information. A successful exploit could allow the attacker to obtain hashes of user passwords on an affected device.
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-FND-PWH-yCA6M7p
• CWE-256: Plaintext Storage of a Password
• CWE-522: Insufficiently Protected Credentials

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

A vulnerability in the file system of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to overwrite files on an affected system. The vulnerability is due to insufficient file system protections. An attacker could exploit this vulnerability by crafting API requests and sending them to an affected system. A successful exploit could allow the attacker to overwrite files on an affected system.
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-FND-OVW-SHzOE3Pd
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
• CWE-73: External Control of File Name or Path

CVSS: 5.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

A vulnerability in the access control functionality of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to view lists of users from different domains that are configured on an affected system. The vulnerability is due to improper access control. An attacker could exploit this vulnerability by sending an API request that alters the domain for a requested user list on an affected system. A successful exploit could allow the attacker to view lists of users from different domains on the affected system.
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-FND-LV-hE4Rntet
• CWE-269: Improper Privilege Management
• CWE-284: Improper Access Control

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

A vulnerability in Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive database information on an affected device. The vulnerability is due to the absence of authentication for sensitive information. An attacker could exploit this vulnerability by sending crafted curl commands to an affected device. A successful exploit could allow the attacker to view sensitive database information on the affected device.
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-FND-SSI-V2myWX9y
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
• CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to gain access to the back-end database of an affected device. The vulnerability is due to insufficient input validation of REST API requests that are made to an affected device. An attacker could exploit this vulnerability by crafting malicious API requests to the affected device. A successful exploit could allow the attacker to gain access to the back-end database of the affected device.
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-FND-SQL-zEkBnL2h
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')