ID

VAR-202011-0709


CVE

CVE-2020-26079


TITLE

Cisco IoT Field Network Director Vulnerability regarding inadequate protection of credentials in

Trust: 0.8

sources: JVNDB: JVNDB-2020-013476

DESCRIPTION

A vulnerability in the web UI of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to obtain hashes of user passwords on an affected device. The vulnerability is due to insufficient protection of user credentials. An attacker could exploit this vulnerability by logging in as an administrative user and crafting a call for user information. A successful exploit could allow the attacker to obtain hashes of user passwords on an affected device. The system has functions such as equipment management, asset tracking and smart metering.

Trust: 2.79

sources: NVD: CVE-2020-26079 // JVNDB: JVNDB-2020-013476 // CNVD: CNVD-2021-05528 // CNNVD: CNNVD-202011-1643 // VULHUB: VHN-180121

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-05528

AFFECTED PRODUCTS

vendor: cisco, model: iot field network director, scope: lt, version: 4.6.1

Trust: 1.6

vendor: Cisco Systems, model: cisco iot field network director, scope: eq, version: -

Trust: 0.8

sources: CNVD: CNVD-2021-05528 // JVNDB: JVNDB-2020-013476 // NVD: CVE-2020-26079

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-26079
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-26079
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-26079
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2021-05528
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202011-1643
value: MEDIUM

Trust: 0.6

VULHUB: VHN-180121
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-26079
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2021-05528
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-180121
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-26079
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-26079
baseSeverity: MEDIUM
baseScore: 4.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 1.4
version: 3.0

Trust: 1.0

NVD: CVE-2020-26079
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-05528 // VULHUB: VHN-180121 // JVNDB: JVNDB-2020-013476 // CNNVD: CNNVD-202011-1643 // NVD: CVE-2020-26079 // NVD: CVE-2020-26079

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.1

problemtype:CWE-256

Trust: 1.0

problemtype:Inadequate protection of credentials (CWE-522) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-180121 // JVNDB: JVNDB-2020-013476 // NVD: CVE-2020-26079

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202011-1643

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202011-1643

PATCH

title: cisco-sa-FND-PWH-yCA6M7p, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-FND-PWH-yCA6M7p

Trust: 0.8

title: Patch for Cisco IoT Field Network Director Credentials Insecure Storage Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/245287

Trust: 0.6

title: Cisco IoT Field Network Director Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=134365

Trust: 0.6

sources: CNVD: CNVD-2021-05528 // JVNDB: JVNDB-2020-013476 // CNNVD: CNNVD-202011-1643

EXTERNAL IDS

db: NVD, id: CVE-2020-26079

Trust: 3.1

db: JVNDB, id: JVNDB-2020-013476

Trust: 0.8

db: CNNVD, id: CNNVD-202011-1643

Trust: 0.7

db: CNVD, id: CNVD-2021-05528

Trust: 0.6

db: AUSCERT, id: ESB-2020.4111

Trust: 0.6

db: VULHUB, id: VHN-180121

Trust: 0.1

sources: CNVD: CNVD-2021-05528 // VULHUB: VHN-180121 // JVNDB: JVNDB-2020-013476 // CNNVD: CNNVD-202011-1643 // NVD: CVE-2020-26079

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2020-26079

Trust: 2.0

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-fnd-pwh-yca6m7p

Trust: 1.7

url:https://www.auscert.org.au/bulletins/esb-2020.4111/

Trust: 0.6

sources: CNVD: CNVD-2021-05528 // VULHUB: VHN-180121 // JVNDB: JVNDB-2020-013476 // CNNVD: CNNVD-202011-1643 // NVD: CVE-2020-26079

SOURCES

db: CNVD, id: CNVD-2021-05528
db: VULHUB, id: VHN-180121
db: JVNDB, id: JVNDB-2020-013476
db: CNNVD, id: CNNVD-202011-1643
db: NVD, id: CVE-2020-26079

LAST UPDATE DATE

2024-11-23T21:51:12.980000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-05528, date: 2021-01-25T00:00:00
db: VULHUB, id: VHN-180121, date: 2020-11-25T00:00:00
db: JVNDB, id: JVNDB-2020-013476, date: 2021-07-06T09:13:00
db: CNNVD, id: CNNVD-202011-1643, date: 2020-11-27T00:00:00
db: NVD, id: CVE-2020-26079, date: 2024-11-21T05:19:11.533

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-05528, date: 2021-01-25T00:00:00
db: VULHUB, id: VHN-180121, date: 2020-11-18T00:00:00
db: JVNDB, id: JVNDB-2020-013476, date: 2021-07-06T00:00:00
db: CNNVD, id: CNNVD-202011-1643, date: 2020-11-18T00:00:00
db: NVD, id: CVE-2020-26079, date: 2020-11-18T18:15:11.997