CVE-2020-26079

CVE Database · CVE-2020-26079

CVE-2020-26079

· MEDIUMModified

CVSS v3.1

4.9

EPSS

0.96%

Published

Nov 18, 2020

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the web UI of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to obtain hashes of user passwords on an affected device. The vulnerability is due to insufficient protection of user credentials. An attacker could exploit this vulnerability by logging in as an administrative user and crafting a call for user information. A successful exploit could allow the attacker to obtain hashes of user passwords on an affected device.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-256CWE-522

Affected Products (1)

cisco · iot_field_network_director (up to 4.6.1)vulnerable

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-FND-PWH-yCA6M7p

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-FND-PWH-yCA6M7p

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs