CVE-2020-3531 is a vulnerability in Cisco IoT Field Network Director
Published on November 18, 2020
Cisco IoT Field Network Director Unauthenticated REST API Vulnerability
A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to access the back-end database of an affected system. The vulnerability exists because the affected software does not properly authenticate REST API calls. An attacker could exploit this vulnerability by obtaining a cross-site request forgery (CSRF) token and then using the token with REST API requests. A successful exploit could allow the attacker to access the back-end database of the affected device and read, alter, or drop information.
Weakness Type
Missing Authentication for Critical Function
The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Products Associated with CVE-2020-3531
Affected Versions
Cisco IoT Field Network Director (IoT-FND) Version n/a is affected by CVE-2020-3531
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.