ID

VAR-202011-0707


CVE

CVE-2020-26077


TITLE

Cisco IoT Field Network Director access control error vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-72731 // CNNVD: CNNVD-202011-1641

DESCRIPTION

A vulnerability in the access control functionality of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to view lists of users from different domains that are configured on an affected system. The vulnerability is due to improper access control. An attacker could exploit this vulnerability by sending an API request that alters the domain for a requested user list on an affected system. A successful exploit could allow the attacker to view lists of users from different domains on the affected system. Cisco IoT Field Network Director (FND) contains a privilege management vulnerability. Information may be obtained. The system has functions such as equipment management, asset tracking and smart metering.

Trust: 2.79

sources: NVD: CVE-2020-26077 // JVNDB: JVNDB-2020-013474 // CNVD: CNVD-2020-72731 // CNNVD: CNNVD-202011-1641 // VULHUB: VHN-180119

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-72731

AFFECTED PRODUCTS

vendor: cisco, model: iot field network director, scope: lt, version: 4.6.1

Trust: 1.6

vendor: Cisco Systems (シスコシステムズ), model: cisco iot field network director, scope: eq, version: -

Trust: 0.8

sources: CNVD: CNVD-2020-72731 // JVNDB: JVNDB-2020-013474 // NVD: CVE-2020-26077

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-26077
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-26077
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-26077
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-72731
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202011-1641
value: MEDIUM

Trust: 0.6

VULHUB: VHN-180119
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-26077
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-72731
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-180119
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-26077
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-26077
baseSeverity: MEDIUM
baseScore: 5.0
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.1
impactScore: 1.4
version: 3.0

Trust: 1.0

NVD: CVE-2020-26077
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-72731 // VULHUB: VHN-180119 // JVNDB: JVNDB-2020-013474 // CNNVD: CNNVD-202011-1641 // NVD: CVE-2020-26077 // NVD: CVE-2020-26077

PROBLEMTYPE DATA

problemtype: CWE-269

Trust: 1.1

problemtype: CWE-284

Trust: 1.0

problemtype: Improper authority management (CWE-269) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-180119 // JVNDB: JVNDB-2020-013474 // NVD: CVE-2020-26077

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202011-1641

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202011-1641

PATCH

title: cisco-sa-FND-LV-hE4Rntet, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-FND-LV-hE4Rntet

Trust: 0.8

title: Patch for Cisco IoT Field Network Director access control error vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/242257

Trust: 0.6

title: Cisco IoT Field Network Director Fixes for access control error vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=134363

Trust: 0.6

sources: CNVD: CNVD-2020-72731 // JVNDB: JVNDB-2020-013474 // CNNVD: CNNVD-202011-1641

EXTERNAL IDS

db: NVD, id: CVE-2020-26077

Trust: 3.1

db: JVNDB, id: JVNDB-2020-013474

Trust: 0.8

db: CNNVD, id: CNNVD-202011-1641

Trust: 0.7

db: CNVD, id: CNVD-2020-72731

Trust: 0.6

db: AUSCERT, id: ESB-2020.4111

Trust: 0.6

db: VULHUB, id: VHN-180119

Trust: 0.1

sources: CNVD: CNVD-2020-72731 // VULHUB: VHN-180119 // JVNDB: JVNDB-2020-013474 // CNNVD: CNNVD-202011-1641 // NVD: CVE-2020-26077

REFERENCES

url: https://nvd.nist.gov/vuln/detail/cve-2020-26077

Trust: 2.0

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-fnd-lv-he4rntet

Trust: 1.7

url: https://www.auscert.org.au/bulletins/esb-2020.4111/

Trust: 0.6

sources: CNVD: CNVD-2020-72731 // VULHUB: VHN-180119 // JVNDB: JVNDB-2020-013474 // CNNVD: CNNVD-202011-1641 // NVD: CVE-2020-26077

SOURCES

db: CNVD, id: CNVD-2020-72731
db: VULHUB, id: VHN-180119
db: JVNDB, id: JVNDB-2020-013474
db: CNNVD, id: CNNVD-202011-1641
db: NVD, id: CVE-2020-26077

LAST UPDATE DATE

2024-11-23T21:51:12.770000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-72731, date: 2020-12-19T00:00:00
db: VULHUB, id: VHN-180119, date: 2020-11-25T00:00:00
db: JVNDB, id: JVNDB-2020-013474, date: 2021-07-06T09:13:00
db: CNNVD, id: CNNVD-202011-1641, date: 2020-11-27T00:00:00
db: NVD, id: CVE-2020-26077, date: 2024-11-21T05:19:11.197

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-72731, date: 2020-12-19T00:00:00
db: VULHUB, id: VHN-180119, date: 2020-11-18T00:00:00
db: JVNDB, id: JVNDB-2020-013474, date: 2021-07-06T00:00:00
db: CNNVD, id: CNNVD-202011-1641, date: 2020-11-18T00:00:00
db: NVD, id: CVE-2020-26077, date: 2020-11-18T18:15:11.810