CVE-2020-26078: Cisco IoT Field Network Director File Overwrite Vulnerability
First published: Wed Nov 18 2020(Updated: )
A vulnerability in the file system of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to overwrite files on an affected system. The vulnerability is due to insufficient file system protections. An attacker could exploit this vulnerability by crafting API requests and sending them to an affected system. A successful exploit could allow the attacker to overwrite files on an affected system.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco IoT Field Network Director | <4.6.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-26078?
CVE-2020-26078 is considered a high severity vulnerability due to its potential to allow file overwriting on affected systems.
How do I fix CVE-2020-26078?
To mitigate CVE-2020-26078, ensure that you update Cisco IoT Field Network Director to version 4.6.1 or later.
Who is affected by CVE-2020-26078?
CVE-2020-26078 affects users of Cisco IoT Field Network Director versions prior to 4.6.1.
Can CVE-2020-26078 be exploited remotely?
Yes, an authenticated remote attacker can exploit CVE-2020-26078 to overwrite files on the affected system.
What causes CVE-2020-26078?
CVE-2020-26078 is caused by insufficient protections in the file system of Cisco IoT Field Network Director.
- agent/type
- agent/softwarecombine
- agent/weakness
- agent/severity
- agent/title
- agent/author
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco iot field network director