CVE-2020-26076

Cisco IoT Field Network Director Information Disclosure Vulnerability

CVSS 5.3 MEDIUM | EPSS 1.3% | CWE-497

In short

Cisco IoT Field Network Director has a flaw that lets anyone who can reach the device over the network view sensitive database information without logging in. An attacker can send crafted requests to access this private data.

Technical detail

An unauthenticated remote attacker can exploit missing authentication controls on sensitive API endpoints in Cisco IoT Field Network Director, using crafted HTTP requests to disclose database contents. The vulnerability requires network access to the affected device but no credentials, and results in a breach of confidentiality of sensitive stored information.

Summary generated and translated by AI from the official description.

A vulnerability in Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive database information on an affected device. The vulnerability is due to the absence of authentication for sensitive information. An attacker could exploit this vulnerability by sending crafted curl commands to an affected device. A successful exploit could allow the attacker to view sensitive database information on the affected device.

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
