CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2020-26072 – Cisco IoT Field Network Director SOAP API Authorization Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2020-26072
A vulnerability in the SOAP API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to access and modify information on devices that belong to a different domain. The vulnerability is due to insufficient authorization in the SOAP API. An attacker could exploit this vulnerability by sending SOAP API requests to affected devices for devices that are outside their authorized domain. A successful exploit could allow the attacker to access and modify information on devices that belong to a different domain. Una vulnerabilidad en la API SOAP de Cisco IoT Field Network Director (FND), podría permitir a un atacante remoto autenticado acceder y modificar información en dispositivos que pertenecen a un dominio diferente. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-FND-AUTH-vEypBmmR • CWE-269: Improper Privilege Management CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-3162 – Cisco IoT Field Network Director Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3162
A vulnerability in the Constrained Application Protocol (CoAP) implementation of Cisco IoT Field Network Director could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of incoming CoAP traffic. An attacker could exploit this vulnerability by sending a malformed CoAP packet to an affected device. A successful exploit could allow the attacker to force the CoAP server to stop, interrupting communication to the IoT endpoints. Una vulnerabilidad en la implementación de Constrained Application Protocol (CoAP) de Cisco IoT Field Network Director podría permitir a un atacante remoto no autenticado causar una condición de denegación de servicio (DoS) sobre un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iot-coap-dos-WTBu6YTq • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1957 – Cisco IoT Field Network Director TLS Renegotiation Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1957
A vulnerability in the web interface of Cisco IoT Field Network Director could allow an unauthenticated, remote attacker to trigger high CPU usage, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of Transport Layer Security (TLS) renegotiation requests. An attacker could exploit this vulnerability by sending renegotiation requests at a high rate. A successful exploit could increase the resource usage on the system, eventually leading to a DoS condition. Una vulnerabilidad en la interfaz web de IoT Field Network Director de Cisco, podría permitir a un atacante remoto no autenticado desencadenar un uso elevado de la CPU, resultando en una condición de una denegación de servicio (DoS) en un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-fnd-dos • CWE-399: Resource Management Errors •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 1CVE-2019-1698 – Cisco IoT Field Network Director XML External Entity Vulnerability
https://notcve.org/view.php?id=CVE-2019-1698
A vulnerability in the web-based user interface of Cisco Internet of Things Field Network Director (IoT-FND) Software could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by importing a crafted XML file with malicious entries, which could allow the attacker to read files within the affected application. Versions prior to 4.4(0.26) are affected. Una vulnerabilidad en la interfaz web del usuario del software Internet of Things Field Network Director (IoT-FND) de Cisco podría permitir que un atacante remoto autenticado obtenga acceso de lectura a información que se encuentre almacenada en un sistema afectado. • https://github.com/raytran54/CVE-2019-1698 http://www.securityfocus.com/bid/107093 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-iot-fnd-xml • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0270
https://notcve.org/view.php?id=CVE-2018-0270
A vulnerability in the web-based management interface of Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and alter the data of existing users and groups on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the user has administrative privileges, the attacker could create a new, privileged account to obtain full control over the device interface. • http://www.securityfocus.com/bid/104242 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-fnd • CWE-352: Cross-Site Request Forgery (CSRF) •