CVE-2020-26072 – Cisco IoT Field Network Director SOAP API Authorization Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2020-26072
A vulnerability in the SOAP API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to access and modify information on devices that belong to a different domain. The vulnerability is due to insufficient authorization in the SOAP API. An attacker could exploit this vulnerability by sending SOAP API requests to affected devices for devices that are outside their authorized domain. A successful exploit could allow the attacker to access and modify information on devices that belong to a different domain. Una vulnerabilidad en la API SOAP de Cisco IoT Field Network Director (FND), podría permitir a un atacante remoto autenticado acceder y modificar información en dispositivos que pertenecen a un dominio diferente. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-FND-AUTH-vEypBmmR • CWE-269: Improper Privilege Management CWE-284: Improper Access Control •
CVE-2020-3162 – Cisco IoT Field Network Director Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3162
A vulnerability in the Constrained Application Protocol (CoAP) implementation of Cisco IoT Field Network Director could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of incoming CoAP traffic. An attacker could exploit this vulnerability by sending a malformed CoAP packet to an affected device. A successful exploit could allow the attacker to force the CoAP server to stop, interrupting communication to the IoT endpoints. Una vulnerabilidad en la implementación de Constrained Application Protocol (CoAP) de Cisco IoT Field Network Director podría permitir a un atacante remoto no autenticado causar una condición de denegación de servicio (DoS) sobre un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iot-coap-dos-WTBu6YTq • CWE-20: Improper Input Validation •
CVE-2019-1957 – Cisco IoT Field Network Director TLS Renegotiation Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1957
A vulnerability in the web interface of Cisco IoT Field Network Director could allow an unauthenticated, remote attacker to trigger high CPU usage, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of Transport Layer Security (TLS) renegotiation requests. An attacker could exploit this vulnerability by sending renegotiation requests at a high rate. A successful exploit could increase the resource usage on the system, eventually leading to a DoS condition. Una vulnerabilidad en la interfaz web de IoT Field Network Director de Cisco, podría permitir a un atacante remoto no autenticado desencadenar un uso elevado de la CPU, resultando en una condición de una denegación de servicio (DoS) en un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-fnd-dos • CWE-399: Resource Management Errors •
CVE-2019-1698 – Cisco IoT Field Network Director XML External Entity Vulnerability
https://notcve.org/view.php?id=CVE-2019-1698
A vulnerability in the web-based user interface of Cisco Internet of Things Field Network Director (IoT-FND) Software could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by importing a crafted XML file with malicious entries, which could allow the attacker to read files within the affected application. Versions prior to 4.4(0.26) are affected. Una vulnerabilidad en la interfaz web del usuario del software Internet of Things Field Network Director (IoT-FND) de Cisco podría permitir que un atacante remoto autenticado obtenga acceso de lectura a información que se encuentre almacenada en un sistema afectado. • https://github.com/raytran54/CVE-2019-1698 http://www.securityfocus.com/bid/107093 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-iot-fnd-xml • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2017-6780
https://notcve.org/view.php?id=CVE-2017-6780
A vulnerability in the TCP throttling process for Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to cause the system to consume additional memory, eventually forcing the device to restart, aka Memory Exhaustion. The vulnerability is due to insufficient rate-limiting protection. An attacker could exploit this vulnerability by sending a high rate of TCP packets to a specific group of open listening ports on a targeted device. An exploit could allow the attacker to cause the system to consume additional memory. If enough available memory is consumed, the system will restart, creating a temporary denial of service (DoS) condition. • http://www.securityfocus.com/bid/100641 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-fnd • CWE-399: Resource Management Errors CWE-770: Allocation of Resources Without Limits or Throttling •