cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2020-26076,https://securityvulnerability.io/vulnerability/CVE-2020-26076,Cisco IoT Field Network Director Information Disclosure Vulnerability,"A vulnerability in Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive database information on an affected device. The vulnerability is due to the absence of authentication for sensitive information. An attacker could exploit this vulnerability by sending crafted curl commands to an affected device. A successful exploit could allow the attacker to view sensitive database information on the affected device.",Cisco,Cisco Iot Field Network Director (iot-fnd),5.3,MEDIUM,0.0033599999733269215,false,,false,false,true,2024-08-04T16:20:27.000Z,,false,false,,2020-11-18T00:00:00.000Z,0
CVE-2020-3392,https://securityvulnerability.io/vulnerability/CVE-2020-3392,Cisco IoT Field Network Director Missing API Authentication Vulnerability,"A vulnerability in the API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnerability exists because the affected software does not properly authenticate API calls. An attacker could exploit this vulnerability by sending API requests to an affected system. A successful exploit could allow the attacker to view sensitive information on the affected system, including information about the devices that the system manages, without authentication.",Cisco,Cisco Iot Field Network Director (iot-fnd),7.5,HIGH,0.0033599999733269215,false,,false,false,true,2024-08-04T08:16:38.000Z,,false,false,,2020-11-18T00:00:00.000Z,0
CVE-2020-3531,https://securityvulnerability.io/vulnerability/CVE-2020-3531,Cisco IoT Field Network Director Unauthenticated REST API Vulnerability,"A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to access the back-end database of an affected system. The vulnerability exists because the affected software does not properly authenticate REST API calls. An attacker could exploit this vulnerability by obtaining a cross-site request forgery (CSRF) token and then using the token with REST API requests. A successful exploit could allow the attacker to access the back-end database of the affected device and read, alter, or drop information.",Cisco,Cisco Iot Field Network Director (iot-fnd),9.8,CRITICAL,0.004900000058114529,false,,false,false,true,2024-08-04T08:16:45.000Z,,false,false,,2020-11-18T00:00:00.000Z,0
CVE-2020-26077,https://securityvulnerability.io/vulnerability/CVE-2020-26077,Cisco IoT Field Network Director Improper Access Control Vulnerability,"A vulnerability in the access control functionality of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to view lists of users from different domains that are configured on an affected system. The vulnerability is due to improper access control. An attacker could exploit this vulnerability by sending an API request that alters the domain for a requested user list on an affected system. A successful exploit could allow the attacker to view lists of users from different domains on the affected system.",Cisco,Cisco Iot Field Network Director (iot-fnd),5,MEDIUM,0.0007300000288523734,false,,false,false,true,2024-08-04T16:20:27.000Z,,false,false,,2020-11-18T00:00:00.000Z,0
CVE-2020-26078,https://securityvulnerability.io/vulnerability/CVE-2020-26078,Cisco IoT Field Network Director File Overwrite Vulnerability,"A vulnerability in the file system of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to overwrite files on an affected system. The vulnerability is due to insufficient file system protections. An attacker could exploit this vulnerability by crafting API requests and sending them to an affected system. A successful exploit could allow the attacker to overwrite files on an affected system.",Cisco,Cisco Iot Field Network Director (iot-fnd),4.9,MEDIUM,0.0012199999764561653,false,,false,false,true,2024-08-04T16:20:27.000Z,,false,false,,2020-11-18T00:00:00.000Z,0
CVE-2020-26072,https://securityvulnerability.io/vulnerability/CVE-2020-26072,Cisco IoT Field Network Director SOAP API Authorization Bypass Vulnerability,"A vulnerability in the SOAP API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to access and modify information on devices that belong to a different domain. The vulnerability is due to insufficient authorization in the SOAP API. An attacker could exploit this vulnerability by sending SOAP API requests to affected devices for devices that are outside their authorized domain. A successful exploit could allow the attacker to access and modify information on devices that belong to a different domain.",Cisco,Cisco Iot Field Network Director (iot-fnd),8.7,HIGH,0.00215999991632998,false,,false,false,true,2024-08-04T16:20:27.000Z,,false,false,,2020-11-18T00:00:00.000Z,0
CVE-2020-26075,https://securityvulnerability.io/vulnerability/CVE-2020-26075,Cisco IoT Field Network REST API Insufficient Input Validation Vulnerability,"A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to gain access to the back-end database of an affected device. The vulnerability is due to insufficient input validation of REST API requests that are made to an affected device. An attacker could exploit this vulnerability by crafting malicious API requests to the affected device. A successful exploit could allow the attacker to gain access to the back-end database of the affected device.",Cisco,Cisco Iot Field Network Director (iot-fnd),6.3,MEDIUM,0.0027000000700354576,false,,false,false,true,2024-08-04T16:20:27.000Z,,false,false,,2020-11-18T00:00:00.000Z,0
CVE-2020-26079,https://securityvulnerability.io/vulnerability/CVE-2020-26079,Cisco IoT Field Network Director Unprotected Storage of Credentials Vulnerability,"A vulnerability in the web UI of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to obtain hashes of user passwords on an affected device. The vulnerability is due to insufficient protection of user credentials. An attacker could exploit this vulnerability by logging in as an administrative user and crafting a call for user information. A successful exploit could allow the attacker to obtain hashes of user passwords on an affected device.",Cisco,Cisco Iot Field Network Director (iot-fnd),4.1,MEDIUM,0.001500000013038516,false,,false,false,true,2024-08-04T16:20:27.000Z,,false,false,,2020-11-18T00:00:00.000Z,0
CVE-2020-26080,https://securityvulnerability.io/vulnerability/CVE-2020-26080,Cisco IoT Field Network Director Improper Domain Access Control Vulnerability,"A vulnerability in the user management functionality of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to manage user information for users in different domains on an affected system. The vulnerability is due to improper domain access control. An attacker could exploit this vulnerability by manipulating JSON payloads to target different domains on an affected system. A successful exploit could allow the attacker to manage user information for users in different domains on an affected system.",Cisco,Cisco Iot Field Network Director (iot-fnd),4.1,MEDIUM,0.0007300000288523734,false,,false,false,true,2024-08-04T16:20:28.000Z,,false,false,,2020-11-18T00:00:00.000Z,0
CVE-2020-26081,https://securityvulnerability.io/vulnerability/CVE-2020-26081,Cisco IoT Field Network Director Cross-Site Scripting Vulnerabilities,"Multiple vulnerabilities in the web UI of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users on an affected system. The vulnerabilities are due to insufficient validation of user-supplied input that is processed by the web UI. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information on an affected system.",Cisco,Cisco Iot Field Network Director (iot-fnd),6.1,MEDIUM,0.001230000052601099,false,,false,false,true,2024-08-04T16:20:28.000Z,,false,false,,2020-11-18T00:00:00.000Z,0
CVE-2020-3162,https://securityvulnerability.io/vulnerability/CVE-2020-3162,Cisco IoT Field Network Director Denial of Service Vulnerability,"A vulnerability in the Constrained Application Protocol (CoAP) implementation of Cisco IoT Field Network Director could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of incoming CoAP traffic. An attacker could exploit this vulnerability by sending a malformed CoAP packet to an affected device. A successful exploit could allow the attacker to force the CoAP server to stop, interrupting communication to the IoT endpoints.",Cisco,Cisco Iot Field Network Director (iot-fnd),7.5,HIGH,0.0015899999998509884,false,,false,false,true,2024-08-04T08:16:27.000Z,,false,false,,2020-04-15T00:00:00.000Z,0
CVE-2019-1957,https://securityvulnerability.io/vulnerability/CVE-2019-1957,Cisco IoT Field Network Director TLS Renegotiation Denial of Service Vulnerability,"A vulnerability in the web interface of Cisco IoT Field Network Director could allow an unauthenticated, remote attacker to trigger high CPU usage, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of Transport Layer Security (TLS) renegotiation requests. An attacker could exploit this vulnerability by sending renegotiation requests at a high rate. A successful exploit could increase the resource usage on the system, eventually leading to a DoS condition.",Cisco,Cisco Iot Field Network Director (iot-fnd),5.3,MEDIUM,0.0015899999998509884,false,,false,false,true,2024-08-04T19:16:20.000Z,,false,false,,2019-08-08T08:15:00.000Z,0
CVE-2019-1698,https://securityvulnerability.io/vulnerability/CVE-2019-1698,Cisco IoT Field Network Director XML External Entity Vulnerability,"A vulnerability in the web-based user interface of Cisco Internet of Things Field Network Director (IoT-FND) Software could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by importing a crafted XML file with malicious entries, which could allow the attacker to read files within the affected application. Versions prior to 4.4(0.26) are affected.",Cisco,Cisco Iot Field Network Director (iot-fnd),4.9,MEDIUM,0.0011699999449774623,false,,false,false,true,2024-08-04T19:16:05.000Z,,false,false,,2019-02-21T21:29:00.000Z,0
CVE-2019-1644,https://securityvulnerability.io/vulnerability/CVE-2019-1644,Cisco IoT Field Network Director Resource Exhaustion Denial of Service Vulnerability,"A vulnerability in the UDP protocol implementation for Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to exhaust system resources, resulting in a denial of service (DoS) condition. The vulnerability is due to improper resource management for UDP ingress packets. An attacker could exploit this vulnerability by sending a high rate of UDP packets to an affected system within a short period of time. A successful exploit could allow the attacker to exhaust available system resources, resulting in a DoS condition.",Cisco,Cisco Iot Field Network Director (iot-fnd),7.5,HIGH,0.0009500000160187483,false,,false,false,true,2024-08-04T19:16:02.000Z,,false,false,,2019-01-23T00:00:00.000Z,0