CVE-2020-3392

CWE-306Missing Authentication5 documents5 sources
Severity
7.5HIGH
EPSS
1.6%
top 18.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOT Field Network DirectorCisco Cisco IOT Field Network Director (iot-fnd)
Timeline
PublishedNov 18
Latest updateMay 24

Description

A vulnerability in the API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnerability exists because the affected software does not properly authenticate API calls. An attacker could exploit this vulnerability by sending API requests to an affected system. A successful exploit could allow the attacker to view sensitive information on the affected system, including information about the devices t

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

🔴Vulnerability Details

3
GHSA
GHSA-vc2p-5mxr-hx98: A vulnerability in the API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive information on2022-05-24
OSV
qemu vulnerabilities2021-07-15
CVEList
Cisco IoT Field Network Director Missing API Authentication Vulnerability2020-11-18

📋Vendor Advisories

1
Cisco
Cisco IoT Field Network Director Missing API Authentication Vulnerability2020-11-18
CVE-2020-3392 (HIGH CVSS 7.5) | A vulnerability in the API of Cisco | cvebase.io