CVE-2020-26076
18.11.2020, 18:15
A vulnerability in Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive database information on an affected device. The vulnerability is due to the absence of authentication for sensitive information. An attacker could exploit this vulnerability by sending crafted curl commands to an affected device. A successful exploit could allow the attacker to view sensitive database information on the affected device.Enginsight
| Vendor | Product | Version |
|---|---|---|
| cisco | iot_field_network_director | 𝑥 < 4.6.1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control SphereThe application does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the application does.
- CWE-200 - Exposure of Sensitive Information to an Unauthorized ActorThe product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.