CVE-2020-26084

MEDIUM

Cisco Edge Fog Fabric < 1.7.4 - Exposure to Wrong Actor

Title source: rule

Description

A vulnerability in the REST API of Cisco Edge Fog Fabric could allow an authenticated, remote attacker to access files outside of their authorization sphere on an affected device. The vulnerability is due to incorrect authorization enforcement on an affected system. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device.

References (1)

[Vendor Advisory] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-eff-incperm-9E6h4yBz

Scores

CVSS v3 6.5

EPSS 0.0015

EPSS Percentile 35.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Classification

CWE

CWE-668

Status published

Affected Products (1)

cisco/edge_fog_fabric < 1.7.4

Timeline

Published Nov 06, 2020

Tracked Since Feb 18, 2026