CVE-2020-26078

MEDIUM

Cisco IoT FND - Privilege Escalation

Title source: llm

Description

A vulnerability in the file system of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to overwrite files on an affected system. The vulnerability is due to insufficient file system protections. An attacker could exploit this vulnerability by crafting API requests and sending them to an affected system. A successful exploit could allow the attacker to overwrite files on an affected system.

References (1)

[Vendor Advisory] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-FND-OVW-SHzOE3Pd

Scores

CVSS v3 6.5

EPSS 0.0022

EPSS Percentile 43.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Classification

CWE

CWE-22 CWE-73

Status published

Affected Products (1)

cisco/iot_field_network_director < 4.6.1

Timeline

Published Nov 18, 2020

Tracked Since Feb 18, 2026