SB2020111902 - Multiple vulnerabilities in Cisco IoT Field Network Director
Published: November 19, 2020 Updated: November 19, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 10 secuirty vulnerabilities.
1) Improper access control (CVE-ID: CVE-2020-26080)
The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote administrator can manipulate JSON payloads and manage user information for users in different domains.
2) Cross-site scripting (CVE-ID: CVE-2020-26081)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the web UI. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
3) Information disclosure (CVE-ID: CVE-2020-26076)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the absence of authentication for sensitive information. A remote attacker can send specially crafted curl commands and gain unauthorized access to sensitive information on the system.
4) Unprotected storage of credentials (CVE-ID: CVE-2020-26079)
The vulnerability allows a remote user to gain access to other users' credentials.
The vulnerability exists due to application stored credentials in plain text in a configuration file on the system. A remote administrator can view contents of the configuration file and gain access to passwords for 3rd party integration.
5) External Control of File Name or Path (CVE-ID: CVE-2020-26078)
The vulnerability allows a remote user to overwrite files on an affected system.
The vulnerability exists due to insufficient file system protections. A remote administrator can send specially crafted API requests and overwrite files on the target system.
6) Improper access control (CVE-ID: CVE-2020-26077)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote authenticated attacker can send an API request and view lists of users from different domains on the affected system.
7) Improper access control (CVE-ID: CVE-2020-26072)
The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in the SOAP API. A remote administrator can send SOAP API requests to access and modify information on devices that belong to a different domain.
8) Missing Authentication for Critical Function (CVE-ID: CVE-2020-3531)
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to the affected system does not properly authenticate API calls. A remote attacker can obtain a cross-site request forgery (CSRF) token, then use the token with REST API requests, access the back-end database of the affected device and read, alter, or drop information.
9) Missing Authentication for Critical Function (CVE-ID: CVE-2020-3392)
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to the affected system does not properly authenticate API calls. A remote attacker can send API requests and view sensitive information on the target system without authentication.
10) SQL injection (CVE-ID: CVE-2020-26075)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists due to insufficient sanitization of user-supplied data in the REST API. A remote authenticated attacker can send a specially crafted request to the affected application and gain access to the back-end database of the affected device.
Remediation
Install update from vendor's website.
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-FND-UPWD-dCRPuQ78
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-FND-XSS-NzOPCGEc
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-FND-SSI-V2myWX9y
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-FND-PWH-yCA6M7p
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-FND-OVW-SHzOE3Pd
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-FND-LV-hE4Rntet
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-FND-AUTH-vEypBmmR
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-FND-BCK-GHkPNZ5F
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-FND-APIA-xZntFS2V
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-FND-SQL-zEkBnL2h