CVE-2020-26080

CWE-284Improper Access ControlCWE-269Improper Privilege Management4 documents4 sources
Severity
4.1MEDIUM
EPSS
0.1%
top 66.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOT Field Network DirectorCisco Cisco IOT Field Network Director (iot-fnd)
Timeline
PublishedNov 18
Latest updateMay 24

Description

A vulnerability in the user management functionality of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to manage user information for users in different domains on an affected system. The vulnerability is due to improper domain access control. An attacker could exploit this vulnerability by manipulating JSON payloads to target different domains on an affected system. A successful exploit could allow the attacker to manage user information for users in differ

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:NExploitability: 2.3 | Impact: 1.4

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-cvff-94cp-ph79: A vulnerability in the user management functionality of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to manage2022-05-24
CVEList
Cisco IoT Field Network Director Improper Domain Access Control Vulnerability2020-11-18

📋Vendor Advisories

1
Cisco
Cisco IoT Field Network Director Improper Domain Access Control Vulnerability2020-11-18
CVE-2020-26080 (MEDIUM CVSS 4.1) | A vulnerability in the user managem | cvebase.io