
CVE-2020-3531

CVSS Severity Score: 9.8 (CRITICAL)
EPSS Score: 0.1630%
EPSS Percentile: 26.31th
Published: November 18, 2020
Last Modified: November 21, 2024

Vulnerability Description

A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to access the back-end database of an affected system. The vulnerability exists because the affected software does not properly authenticate REST API calls. An attacker could exploit this vulnerability by obtaining a cross-site request forgery (CSRF) token and then using the token with REST API requests. A successful exploit could allow the attacker to access the back-end database of the affected device and read, alter, or drop information.

Affected Platforms (CPE)

Cisco IoT Field Network Director < 4.6.1

References & Advisories
