CVE-2020-26078

CWE-73CWE-22Path Traversal4 documents4 sources
Severity
6.5MEDIUM
EPSS
0.2%
top 56.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOT Field Network DirectorCisco Cisco IOT Field Network Director (iot-fnd)
Timeline
PublishedNov 18
Latest updateMay 24

Description

A vulnerability in the file system of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to overwrite files on an affected system. The vulnerability is due to insufficient file system protections. An attacker could exploit this vulnerability by crafting API requests and sending them to an affected system. A successful exploit could allow the attacker to overwrite files on an affected system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:HExploitability: 1.2 | Impact: 5.2

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-v46x-3fg3-j892: A vulnerability in the file system of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to overwrite files on an af2022-05-24
CVEList
Cisco IoT Field Network Director File Overwrite Vulnerability2020-11-18

📋Vendor Advisories

1
Cisco
Cisco IoT Field Network Director File Overwrite Vulnerability2020-11-18
CVE-2020-26078 (MEDIUM CVSS 6.5) | A vulnerability in the file system | cvebase.io