CVE-2020-26077: Improper Access Control in Cisco IoT Field Network Director

Severity: 4.3 MEDIUM (NVD)
EPSS: 0.1% (top 66.65%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 18; Latest update May 24

Description

A vulnerability in the access control functionality of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to view lists of users from different domains that are configured on an affected system. The vulnerability is due to improper access control. An attacker could exploit this vulnerability by sending an API request that alters the domain for a requested user list on an affected system. A successful exploit could allow the attacker to view lists of users from d

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages: 2 packages

🔴 Vulnerability Details (2)

GHSA: GHSA-7q2r-9q4w-229g: A vulnerability in the access control functionality of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to view li (2022-05-24)
CVEList: Cisco IoT Field Network Director Improper Access Control Vulnerability (2020-11-18)

📋 Vendor Advisories (1)

Cisco: Cisco IoT Field Network Director Improper Access Control Vulnerability (2020-11-18)