CVE-2020-26079

CWE-256CWE-522Insufficiently Protected Credentials4 documents4 sources
Severity
4.9MEDIUM
EPSS
0.2%
top 62.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOT Field Network DirectorCisco Cisco IOT Field Network Director (iot-fnd)
Timeline
PublishedNov 18
Latest updateMay 24

Description

A vulnerability in the web UI of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to obtain hashes of user passwords on an affected device. The vulnerability is due to insufficient protection of user credentials. An attacker could exploit this vulnerability by logging in as an administrative user and crafting a call for user information. A successful exploit could allow the attacker to obtain hashes of user passwords on an affected device.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-9hxq-8wvw-w8gj: A vulnerability in the web UI of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to obtain hashes of user passwor2022-05-24
CVEList
Cisco IoT Field Network Director Unprotected Storage of Credentials Vulnerability2020-11-18

📋Vendor Advisories

1
Cisco
Cisco IoT Field Network Director Unprotected Storage of Credentials Vulnerability2020-11-18
CVE-2020-26079 (MEDIUM CVSS 4.9) | A vulnerability in the web UI of Ci | cvebase.io