CVE-2020-26076

CWE-497CWE-200Information Exposure4 documents4 sources
Severity
7.5HIGH
EPSS
0.6%
top 31.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOT Field Network DirectorCisco Cisco IOT Field Network Director (iot-fnd)
Timeline
PublishedNov 18
Latest updateMay 24

Description

A vulnerability in Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive database information on an affected device. The vulnerability is due to the absence of authentication for sensitive information. An attacker could exploit this vulnerability by sending crafted curl commands to an affected device. A successful exploit could allow the attacker to view sensitive database information on the affected device.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-32mw-c4pf-prw5: A vulnerability in Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive database information on an2022-05-24
CVEList
Cisco IoT Field Network Director Information Disclosure Vulnerability2020-11-18

📋Vendor Advisories

1
Cisco
Cisco IoT Field Network Director Information Disclosure Vulnerability2020-11-18
CVE-2020-26076 (HIGH CVSS 7.5) | A vulnerability in Cisco IoT Field | cvebase.io