Sign-up

ID

VAR-202011-0706


CVE

CVE-2020-26076


TITLE

Cisco IoT Field Network Director  Information Disclosure Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-013497

DESCRIPTION

A vulnerability in Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive database information on an affected device. The vulnerability is due to the absence of authentication for sensitive information. An attacker could exploit this vulnerability by sending crafted curl commands to an affected device. A successful exploit could allow the attacker to view sensitive database information on the affected device. The system has functions such as equipment management, asset tracking and smart metering. The vulnerability is due to

Trust: 2.79

sources: NVD: CVE-2020-26076 // JVNDB: JVNDB-2020-013497 // CNVD: CNVD-2020-66590 // CNNVD: CNNVD-202011-1625 // VULHUB: VHN-180118

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-66590

AFFECTED PRODUCTS

vendor:ciscomodel:iot field network directorscope:ltversion:4.6.1

Trust: 1.6

vendor:シスコシステムズmodel:cisco iot field network directorscope:eqversion: -

Trust: 0.8

sources: CNVD: CNVD-2020-66590 // JVNDB: JVNDB-2020-013497 // NVD: CVE-2020-26076

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-26076
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2020-26076
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-26076
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-66590
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202011-1625
value: HIGH

Trust: 0.6

VULHUB: VHN-180118
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-26076
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-66590
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-180118
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-26076
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-26076
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.0

NVD: CVE-2020-26076
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-66590 // VULHUB: VHN-180118 // JVNDB: JVNDB-2020-013497 // CNNVD: CNNVD-202011-1625 // NVD: CVE-2020-26076 // NVD: CVE-2020-26076

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.1

problemtype:CWE-497

Trust: 1.0

problemtype:information leak (CWE-200) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-180118 // JVNDB: JVNDB-2020-013497 // NVD: CVE-2020-26076

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202011-1625

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202011-1625

PATCH

title:cisco-sa-FND-SSI-V2myWX9yurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-FND-SSI-V2myWX9y

Trust: 0.8

title:Patch for Cisco IoT Field Network Information Disclosure Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/241222

Trust: 0.6

title:Cisco IoT Field Network Director Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=135288

Trust: 0.6

sources: CNVD: CNVD-2020-66590 // JVNDB: JVNDB-2020-013497 // CNNVD: CNNVD-202011-1625

EXTERNAL IDS

db:NVDid:CVE-2020-26076

Trust: 3.1

db:JVNDBid:JVNDB-2020-013497

Trust: 0.8

db:CNVDid:CNVD-2020-66590

Trust: 0.7

db:CNNVDid:CNNVD-202011-1625

Trust: 0.7

db:AUSCERTid:ESB-2020.4111

Trust: 0.6

db:VULHUBid:VHN-180118

Trust: 0.1

sources: CNVD: CNVD-2020-66590 // VULHUB: VHN-180118 // JVNDB: JVNDB-2020-013497 // CNNVD: CNNVD-202011-1625 // NVD: CVE-2020-26076

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2020-26076

Trust: 2.0

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-fnd-ssi-v2mywx9y

Trust: 1.7

url:https://www.auscert.org.au/bulletins/esb-2020.4111/

Trust: 0.6

sources: CNVD: CNVD-2020-66590 // VULHUB: VHN-180118 // JVNDB: JVNDB-2020-013497 // CNNVD: CNNVD-202011-1625 // NVD: CVE-2020-26076

SOURCES

db:CNVDid:CNVD-2020-66590
db:VULHUBid:VHN-180118
db:JVNDBid:JVNDB-2020-013497
db:CNNVDid:CNNVD-202011-1625
db:NVDid:CVE-2020-26076

LAST UPDATE DATE

2024-11-23T21:51:12.891000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-66590date:2020-11-26T00:00:00
db:VULHUBid:VHN-180118date:2020-11-28T00:00:00
db:JVNDBid:JVNDB-2020-013497date:2021-07-07T07:01:00
db:CNNVDid:CNNVD-202011-1625date:2020-12-02T00:00:00
db:NVDid:CVE-2020-26076date:2024-11-21T05:19:11.020

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-66590date:2020-11-26T00:00:00
db:VULHUBid:VHN-180118date:2020-11-18T00:00:00
db:JVNDBid:JVNDB-2020-013497date:2021-07-07T00:00:00
db:CNNVDid:CNNVD-202011-1625date:2020-11-18T00:00:00
db:NVDid:CVE-2020-26076date:2020-11-18T18:15:11.730