A vulnerability in the API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnerability exists because the affected software does not properly authenticate API calls. An attacker could exploit this vulnerability by sending API requests to an affected system. A successful exploit could allow the attacker to view sensitive information on the affected system, including information about the devices that the system manages, without authentication.
References
Link | Resource |
---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-FND-APIA-xZntFS2V | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: cisco
Published: 2020-11-18T00:00:00
Updated: 2020-11-18T17:41:04
Reserved: 2019-12-12T00:00:00
Link: CVE-2020-3392
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-11-18T18:15:12.623
Modified: 2020-12-01T21:57:34.173
Link: CVE-2020-3392
JSON object: View
Redhat Information
No data.
CWE