
CVE-2020-26072 – Cisco IoT Field Network Director SOAP API Authorization Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2020-26072
18 Nov 2020 — A vulnerability in the SOAP API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to access and modify information on devices that belong to a different domain. The vulnerability is due to insufficient authorization in the SOAP API. An attacker could exploit this vulnerability by sending SOAP API requests to affected devices for devices that are outside their authorized domain. A successful exploit could allow the attacker to access and modify information on devices tha... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-FND-AUTH-vEypBmmR • CWE-269: Improper Privilege Management CWE-284: Improper Access Control •

CVE-2020-3162 – Cisco IoT Field Network Director Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3162
15 Apr 2020 — A vulnerability in the Constrained Application Protocol (CoAP) implementation of Cisco IoT Field Network Director could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of incoming CoAP traffic. An attacker could exploit this vulnerability by sending a malformed CoAP packet to an affected device. A successful exploit could allow the attacker to force the CoAP server to stop, interrupting com... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iot-coap-dos-WTBu6YTq • CWE-20: Improper Input Validation •

CVE-2019-1957 – Cisco IoT Field Network Director TLS Renegotiation Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1957
08 Aug 2019 — A vulnerability in the web interface of Cisco IoT Field Network Director could allow an unauthenticated, remote attacker to trigger high CPU usage, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of Transport Layer Security (TLS) renegotiation requests. An attacker could exploit this vulnerability by sending renegotiation requests at a high rate. A successful exploit could increase the resource usage on the system, eventually leading to a... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-fnd-dos • CWE-399: Resource Management Errors •

CVE-2019-1698 – Cisco IoT Field Network Director XML External Entity Vulnerability
https://notcve.org/view.php?id=CVE-2019-1698
21 Feb 2019 — A vulnerability in the web-based user interface of Cisco Internet of Things Field Network Director (IoT-FND) Software could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by importing a crafted XML file with malicious entries, which could allow the attacker to read files within the aff... • https://github.com/raytran54/CVE-2019-1698 • CWE-611: Improper Restriction of XML External Entity Reference •

CVE-2018-0270
https://notcve.org/view.php?id=CVE-2018-0270
17 May 2018 — A vulnerability in the web-based management interface of Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and alter the data of existing users and groups on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A succes... • http://www.securityfocus.com/bid/104242 • CWE-352: Cross-Site Request Forgery (CSRF) •