ID

VAR-202011-0714


CVE

CVE-2020-26080


TITLE

Cisco IoT Field Network Director Vulnerability in privilege management

Trust: 0.8

sources: JVNDB: JVNDB-2020-013477

DESCRIPTION

A vulnerability in the user management functionality of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to manage user information for users in different domains on an affected system. The vulnerability is due to improper domain access control. An attacker could exploit this vulnerability by manipulating JSON payloads to target different domains on an affected system. A successful exploit could allow the attacker to manage user information for users in different domains on an affected system. The system has functions such as equipment management, asset tracking and smart metering. The vulnerability is due to

Trust: 2.79

sources: NVD: CVE-2020-26080 // JVNDB: JVNDB-2020-013477 // CNVD: CNVD-2020-66599 // CNNVD: CNNVD-202011-1624 // VULHUB: VHN-180123

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-66599

AFFECTED PRODUCTS

vendor: cisco, model: iot field network director, scope: lt, version: 4.6.1

Trust: 1.6

vendor: シスコシステムズ, model: cisco iot field network director, scope: eq, version: -

Trust: 0.8

sources: CNVD: CNVD-2020-66599 // JVNDB: JVNDB-2020-013477 // NVD: CVE-2020-26080

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-26080
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-26080
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-26080
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-66599
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202011-1624
value: MEDIUM

Trust: 0.6

VULHUB: VHN-180123
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-26080
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-66599
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-180123
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2020-26080
baseSeverity: MEDIUM
baseScore: 4.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 1.4
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2020-26080
baseSeverity: MEDIUM
baseScore: 4.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2020-66599 // VULHUB: VHN-180123 // JVNDB: JVNDB-2020-013477 // CNNVD: CNNVD-202011-1624 // NVD: CVE-2020-26080 // NVD: CVE-2020-26080

PROBLEMTYPE DATA

problemtype:CWE-269

Trust: 1.1

problemtype:CWE-284

Trust: 1.0

problemtype: Improper authority management (CWE-269) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-180123 // JVNDB: JVNDB-2020-013477 // NVD: CVE-2020-26080

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202011-1624

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202011-1624

PATCH

title: cisco-sa-FND-UPWD-dCRPuQ78
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-FND-UPWD-dCRPuQ78

Trust: 0.8

title: Patch for Cisco IoT Field Network Director access control error vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/241249

Trust: 0.6

title: Cisco IoT Field Network Director Fixes for access control error vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=134348

Trust: 0.6

sources: CNVD: CNVD-2020-66599 // JVNDB: JVNDB-2020-013477 // CNNVD: CNNVD-202011-1624

EXTERNAL IDS

db: NVD, id: CVE-2020-26080

Trust: 3.1

db: AUSCERT, id: ESB-2020.4111

Trust: 1.2

db: JVNDB, id: JVNDB-2020-013477

Trust: 0.8

db: CNVD, id: CNVD-2020-66599

Trust: 0.7

db: CNNVD, id: CNNVD-202011-1624

Trust: 0.7

db: VULHUB, id: VHN-180123

Trust: 0.1

sources: CNVD: CNVD-2020-66599 // VULHUB: VHN-180123 // JVNDB: JVNDB-2020-013477 // CNNVD: CNNVD-202011-1624 // NVD: CVE-2020-26080

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-fnd-upwd-dcrpuq78

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-26080

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2020.4111/

Trust: 1.2

sources: CNVD: CNVD-2020-66599 // VULHUB: VHN-180123 // JVNDB: JVNDB-2020-013477 // CNNVD: CNNVD-202011-1624 // NVD: CVE-2020-26080

SOURCES

db: CNVD, id: CNVD-2020-66599
db: VULHUB, id: VHN-180123
db: JVNDB, id: JVNDB-2020-013477
db: CNNVD, id: CNNVD-202011-1624
db: NVD, id: CVE-2020-26080

LAST UPDATE DATE

2024-11-23T21:51:12.799000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-66599, date: 2020-12-19T00:00:00
db: VULHUB, id: VHN-180123, date: 2020-11-25T00:00:00
db: JVNDB, id: JVNDB-2020-013477, date: 2021-07-06T09:13:00
db: CNNVD, id: CNNVD-202011-1624, date: 2020-11-27T00:00:00
db: NVD, id: CVE-2020-26080, date: 2024-11-21T05:19:11.697

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-66599, date: 2020-11-26T00:00:00
db: VULHUB, id: VHN-180123, date: 2020-11-18T00:00:00
db: JVNDB, id: JVNDB-2020-013477, date: 2021-07-06T00:00:00
db: CNNVD, id: CNNVD-202011-1624, date: 2020-11-18T00:00:00
db: NVD, id: CVE-2020-26080, date: 2020-11-18T18:15:12.077