Cisco IoT Field Network Director vulnerabilities

17 known vulnerabilities affecting cisco/iot_field_network_director.

Total CVEs: 17
CISA KEV: 1 (actively exploited)
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 1, HIGH 10, MEDIUM 6

Vulnerabilities

CVE-2023-44487 | HIGH | CVSS 7.5 | KEV | PoC | fixed in 4.11.0 | 2023-10-10
CWE-400: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Source: NVD
CVE-2020-3531 | CRITICAL | CVSS 9.8 | fixed in 4.6.1 | 2020-11-18
CWE-306: A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to access the back-end database of an affected system. The vulnerability exists because the affected software does not properly authenticate REST API calls. An attacker could exploit this vulnerability by obtaining a cross-site r
Source: NVD
CVE-2020-26075 | HIGH | CVSS 8.8 | fixed in 4.6.1 | 2020-11-18
CWE-89: A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to gain access to the back-end database of an affected device. The vulnerability is due to insufficient input validation of REST API requests that are made to an affected device. An attacker could exploit this vulnerability by craftin
Source: NVD
CVE-2020-26076 | HIGH | CVSS 7.5 | fixed in 4.6.1 | 2020-11-18
CWE-497: A vulnerability in Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive database information on an affected device. The vulnerability is due to the absence of authentication for sensitive information. An attacker could exploit this vulnerability by sending crafted curl commands to an affected device.
Source: NVD
CVE-2020-3392 | HIGH | CVSS 7.5 | fixed in 4.6.1 | 2020-11-18
CWE-306: A vulnerability in the API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnerability exists because the affected software does not properly authenticate API calls. An attacker could exploit this vulnerability by sending API requests to an affected syst
Source: NVD
CVE-2020-26072 | HIGH | CVSS 8.7 | fixed in 4.6.1 | 2020-11-18
CWE-284: A vulnerability in the SOAP API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to access and modify information on devices that belong to a different domain. The vulnerability is due to insufficient authorization in the SOAP API. An attacker could exploit this vulnerability by sending SOAP API requests to affec
Source: NVD
CVE-2020-26081 | MEDIUM | CVSS 6.1 | fixed in 4.6.1 | 2020-11-18
CWE-74: Multiple vulnerabilities in the web UI of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users on an affected system. The vulnerabilities are due to insufficient validation of user-supplied input that is processed by the web UI. An attacker could exploit the
Source: NVD
CVE-2020-26077 | MEDIUM | CVSS 4.3 | fixed in 4.6.1 | 2020-11-18
CWE-284: A vulnerability in the access control functionality of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to view lists of users from different domains that are configured on an affected system. The vulnerability is due to improper access control. An attacker could exploit this vulnerability by sending an API request
Source: NVD
CVE-2020-26078 | MEDIUM | CVSS 6.5 | fixed in 4.6.1 | 2020-11-18
CWE-73: A vulnerability in the file system of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to overwrite files on an affected system. The vulnerability is due to insufficient file system protections. An attacker could exploit this vulnerability by crafting API requests and sending them to an affected system. A successfu
Source: NVD
CVE-2020-26080 | MEDIUM | CVSS 4.1 | fixed in 4.6.1 | 2020-11-18
CWE-284: A vulnerability in the user management functionality of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to manage user information for users in different domains on an affected system. The vulnerability is due to improper domain access control. An attacker could exploit this vulnerability by manipulating JSON pay
Source: NVD
CVE-2020-26079 | MEDIUM | CVSS 4.9 | fixed in 4.6.1 | 2020-11-18
CWE-256: A vulnerability in the web UI of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to obtain hashes of user passwords on an affected device. The vulnerability is due to insufficient protection of user credentials. An attacker could exploit this vulnerability by logging in as an administrative user and crafting a ca
Source: NVD
CVE-2020-3162 | HIGH | CVSS 7.5 | fixed in 4.6.0 | 2020-04-15
CWE-20: A vulnerability in the Constrained Application Protocol (CoAP) implementation of Cisco IoT Field Network Director could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of incoming CoAP traffic. An attacker could exploit this vulnerabilit
Source: NVD
CVE-2019-1957 | HIGH | CVSS 7.5 | fixed in 4.4.2-11 | 2019-08-08
CWE-399: A vulnerability in the web interface of Cisco IoT Field Network Director could allow an unauthenticated, remote attacker to trigger high CPU usage, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of Transport Layer Security (TLS) renegotiation requests. An attacker could exploit this
Source: NVD
CVE-2019-1698 | MEDIUM | CVSS 4.9 | fixed in 4.4(0.26) | 2019-02-21
CWE-611: A vulnerability in the web-based user interface of Cisco Internet of Things Field Network Director (IoT-FND) Software could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. A
Source: NVD
CVE-2019-1644 | HIGH | CVSS 7.5 | v4.3(0.20) | 2019-01-23
CWE-400: A vulnerability in the UDP protocol implementation for Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to exhaust system resources, resulting in a denial of service (DoS) condition. The vulnerability is due to improper resource management for UDP ingress packets. An attacker could exploit this vulnerability by
Source: NVD
CVE-2018-0270 | HIGH | CVSS 8.8 | v4.2(0.4) | 2018-05-17
CWE-352: A vulnerability in the web-based management interface of Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and alter the data of existing users and groups on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based managem
Source: NVD
CVE-2017-6780 | HIGH | CVSS 7.5 | ≤ 3.2.0-182 | 2017-09-07
CWE-399: A vulnerability in the TCP throttling process for Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to cause the system to consume additional memory, eventually forcing the device to restart, aka Memory Exhaustion. The vulnerability is due to insufficient rate-limiting protection. An attacker could exploit this v
Source: NVD