CVE-2020-26075 is a vulnerability in Cisco Iot Field Network Director
Published on November 18, 2020
Cisco IoT Field Network REST API Insufficient Input Validation Vulnerability
A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to gain access to the back-end database of an affected device. The vulnerability is due to insufficient input validation of REST API requests that are made to an affected device. An attacker could exploit this vulnerability by crafting malicious API requests to the affected device. A successful exploit could allow the attacker to gain access to the back-end database of the affected device.
Weakness Type
What is a SQL Injection Vulnerability?
The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
CVE-2020-26075 has been classified to as a SQL Injection vulnerability or weakness.
Products Associated with CVE-2020-26075
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-26075 are published in Cisco Iot Field Network Director:
Affected Versions
Cisco IoT Field Network Director (IoT-FND) Version n/a is affected by CVE-2020-26075Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.