CVE-2020-26084

EPSS 0.15%
Veröffentlicht 06.11.2020 19:15:13
Zuletzt bearbeitet 21.11.2024 05:19:12
Quelle psirt@cisco.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability in the REST API of Cisco Edge Fog Fabric could allow an authenticated, remote attacker to access files outside of their authorization sphere on an affected device. The vulnerability is due to incorrect authorization enforcement on an affected system. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Edge Fog Fabric Version < 1.7.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.15%	0.364

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	5.5	8	4.9	AV:N/AC:L/Au:S/C:N/I:P/A:P
psirt@cisco.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CWE-668 Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-eff-incperm-9E6h4yBz

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-26084

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-26084

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-26084

EUVD