ID

VAR-202011-0708


CVE

CVE-2020-26078


TITLE

Cisco IoT Field Network Director Path Traversal Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-013475

DESCRIPTION

A vulnerability in the file system of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to overwrite files on an affected system. The vulnerability is due to insufficient file system protections. An attacker could exploit this vulnerability by crafting API requests and sending them to an affected system. A successful exploit could allow the attacker to overwrite files on an affected system. The system provides functions such as equipment management, asset tracking and smart metering.

Trust: 2.79

sources: NVD: CVE-2020-26078 // JVNDB: JVNDB-2020-013475 // CNVD: CNVD-2020-72730 // CNNVD: CNNVD-202011-1642 // VULHUB: VHN-180120

IOT TAXONOMY

category: ['IoT']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-72730

AFFECTED PRODUCTS

vendor: cisco
model: iot field network director
scope: lt
version: 4.6.1

Trust: 1.6

vendor: シスコシステムズ
model: cisco iot field network director
scope: eq
version: -

Trust: 0.8

sources: CNVD: CNVD-2020-72730 // JVNDB: JVNDB-2020-013475 // NVD: CVE-2020-26078

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-26078
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-26078
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-26078
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-72730
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202011-1642
value: MEDIUM

Trust: 0.6

VULHUB: VHN-180120
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-26078
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-72730
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-180120
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-26078
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.2
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-26078
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: CVE-2020-26078
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-72730 // VULHUB: VHN-180120 // JVNDB: JVNDB-2020-013475 // CNNVD: CNNVD-202011-1642 // NVD: CVE-2020-26078 // NVD: CVE-2020-26078

PROBLEMTYPE DATA

problemtype: CWE-22

Trust: 1.1

problemtype: CWE-73

Trust: 1.0

problemtype: Path traversal (CWE-22) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-180120 // JVNDB: JVNDB-2020-013475 // NVD: CVE-2020-26078

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202011-1642

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202011-1642

PATCH

title: cisco-sa-FND-OVW-SHzOE3Pd
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-FND-OVW-SHzOE3Pd

Trust: 0.8

title: Patch for Cisco IoT Field Network Director file overwrite vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/242254

Trust: 0.6

title: Cisco IoT Field Network Director Repair measures for path traversal vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=135158

Trust: 0.6

sources: CNVD: CNVD-2020-72730 // JVNDB: JVNDB-2020-013475 // CNNVD: CNNVD-202011-1642

EXTERNAL IDS

db: NVD
id: CVE-2020-26078

Trust: 3.1

db: JVNDB
id: JVNDB-2020-013475

Trust: 0.8

db: CNNVD
id: CNNVD-202011-1642

Trust: 0.7

db: CNVD
id: CNVD-2020-72730

Trust: 0.6

db: AUSCERT
id: ESB-2020.4111

Trust: 0.6

db: VULHUB
id: VHN-180120

Trust: 0.1

sources: CNVD: CNVD-2020-72730 // VULHUB: VHN-180120 // JVNDB: JVNDB-2020-013475 // CNNVD: CNNVD-202011-1642 // NVD: CVE-2020-26078

REFERENCES

url: https://nvd.nist.gov/vuln/detail/cve-2020-26078

Trust: 2.0

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-fnd-ovw-shzoe3pd

Trust: 1.7

url: https://www.auscert.org.au/bulletins/esb-2020.4111/

Trust: 0.6

sources: CNVD: CNVD-2020-72730 // VULHUB: VHN-180120 // JVNDB: JVNDB-2020-013475 // CNNVD: CNNVD-202011-1642 // NVD: CVE-2020-26078

SOURCES

db: CNVD, id: CNVD-2020-72730
db: VULHUB, id: VHN-180120
db: JVNDB, id: JVNDB-2020-013475
db: CNNVD, id: CNNVD-202011-1642
db: NVD, id: CVE-2020-26078

LAST UPDATE DATE

2024-11-23T21:51:12.833000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-72730, date: 2020-12-19T00:00:00
db: VULHUB, id: VHN-180120, date: 2020-11-25T00:00:00
db: JVNDB, id: JVNDB-2020-013475, date: 2021-07-06T09:13:00
db: CNNVD, id: CNNVD-202011-1642, date: 2020-11-27T00:00:00
db: NVD, id: CVE-2020-26078, date: 2024-11-21T05:19:11.363

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-72730, date: 2020-12-19T00:00:00
db: VULHUB, id: VHN-180120, date: 2020-11-18T00:00:00
db: JVNDB, id: JVNDB-2020-013475, date: 2021-07-06T00:00:00
db: CNNVD, id: CNNVD-202011-1642, date: 2020-11-18T00:00:00
db: NVD, id: CVE-2020-26078, date: 2020-11-18T18:15:11.903