CVE-2020-26072 – Cisco IoT Field Network Director SOAP API Authorization Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2020-26072
A vulnerability in the SOAP API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to access and modify information on devices that belong to a different domain. The vulnerability is due to insufficient authorization in the SOAP API. An attacker could exploit this vulnerability by sending SOAP API requests to affected devices for devices that are outside their authorized domain. A successful exploit could allow the attacker to access and modify information on devices that belong to a different domain. Una vulnerabilidad en la API SOAP de Cisco IoT Field Network Director (FND), podría permitir a un atacante remoto autenticado acceder y modificar información en dispositivos que pertenecen a un dominio diferente. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-FND-AUTH-vEypBmmR • CWE-269: Improper Privilege Management CWE-284: Improper Access Control •
CVE-2020-3162 – Cisco IoT Field Network Director Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3162
A vulnerability in the Constrained Application Protocol (CoAP) implementation of Cisco IoT Field Network Director could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of incoming CoAP traffic. An attacker could exploit this vulnerability by sending a malformed CoAP packet to an affected device. A successful exploit could allow the attacker to force the CoAP server to stop, interrupting communication to the IoT endpoints. Una vulnerabilidad en la implementación de Constrained Application Protocol (CoAP) de Cisco IoT Field Network Director podría permitir a un atacante remoto no autenticado causar una condición de denegación de servicio (DoS) sobre un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iot-coap-dos-WTBu6YTq • CWE-20: Improper Input Validation •
CVE-2019-1957 – Cisco IoT Field Network Director TLS Renegotiation Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1957
A vulnerability in the web interface of Cisco IoT Field Network Director could allow an unauthenticated, remote attacker to trigger high CPU usage, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of Transport Layer Security (TLS) renegotiation requests. An attacker could exploit this vulnerability by sending renegotiation requests at a high rate. A successful exploit could increase the resource usage on the system, eventually leading to a DoS condition. Una vulnerabilidad en la interfaz web de IoT Field Network Director de Cisco, podría permitir a un atacante remoto no autenticado desencadenar un uso elevado de la CPU, resultando en una condición de una denegación de servicio (DoS) en un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-fnd-dos • CWE-399: Resource Management Errors •
CVE-2019-1698 – Cisco IoT Field Network Director XML External Entity Vulnerability
https://notcve.org/view.php?id=CVE-2019-1698
A vulnerability in the web-based user interface of Cisco Internet of Things Field Network Director (IoT-FND) Software could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by importing a crafted XML file with malicious entries, which could allow the attacker to read files within the affected application. Versions prior to 4.4(0.26) are affected. Una vulnerabilidad en la interfaz web del usuario del software Internet of Things Field Network Director (IoT-FND) de Cisco podría permitir que un atacante remoto autenticado obtenga acceso de lectura a información que se encuentre almacenada en un sistema afectado. • https://github.com/raytran54/CVE-2019-1698 http://www.securityfocus.com/bid/107093 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-iot-fnd-xml • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2019-1644 – Cisco IoT Field Network Director Resource Exhaustion Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1644
A vulnerability in the UDP protocol implementation for Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to exhaust system resources, resulting in a denial of service (DoS) condition. The vulnerability is due to improper resource management for UDP ingress packets. An attacker could exploit this vulnerability by sending a high rate of UDP packets to an affected system within a short period of time. A successful exploit could allow the attacker to exhaust available system resources, resulting in a DoS condition. Una vulnerabilidad en la implementación del protocolo UDP para Cisco IoT Field Network Director (IoT-FND) podría permitir que un atacante remoto no autenticado agote los recursos del sistema, lo que resulta en una condición de denegación de servicio (DoS). • http://www.securityfocus.com/bid/106709 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-iot-fnd-dos • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •