Vulnerability Details CVE-2020-3531
A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to access the back-end database of an affected system. The vulnerability exists because the affected software does not properly authenticate REST API calls. An attacker could exploit this vulnerability by obtaining a cross-site request forgery (CSRF) token and then using the token with REST API requests. A successful exploit could allow the attacker to access the back-end database of the affected device and read, alter, or drop information.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.048
EPSS Ranking 88.9%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
Products affected by CVE-2020-3531
- cpe:2.3:a:cisco:iot_field_network_director:-
- cpe:2.3:a:cisco:iot_field_network_director:3.2.0-182
- cpe:2.3:a:cisco:iot_field_network_director:4.1.0
- cpe:2.3:a:cisco:iot_field_network_director:4.1.1
- cpe:2.3:a:cisco:iot_field_network_director:4.1.2
- cpe:2.3:a:cisco:iot_field_network_director:4.1.3
- cpe:2.3:a:cisco:iot_field_network_director:4.2(0.4)
- cpe:2.3:a:cisco:iot_field_network_director:4.2(1.2)
- cpe:2.3:a:cisco:iot_field_network_director:4.2.0
- cpe:2.3:a:cisco:iot_field_network_director:4.3(0.20)
- cpe:2.3:a:cisco:iot_field_network_director:4.3.0
- cpe:2.3:a:cisco:iot_field_network_director:4.3.2
- cpe:2.3:a:cisco:iot_field_network_director:4.4(0.26)
- cpe:2.3:a:cisco:iot_field_network_director:4.4.0
- cpe:2.3:a:cisco:iot_field_network_director:4.4.1
- cpe:2.3:a:cisco:iot_field_network_director:4.4.2
- cpe:2.3:a:cisco:iot_field_network_director:4.4.2-11
- cpe:2.3:a:cisco:iot_field_network_director:4.4.3
- cpe:2.3:a:cisco:iot_field_network_director:4.4.4
- cpe:2.3:a:cisco:iot_field_network_director:4.5.1
- cpe:2.3:a:cisco:iot_field_network_director:4.6.0