CVE-2026-20167

Medienbericht

EPSS 0.14%
Veröffentlicht 06.05.2026 16:15:57
Zuletzt bearbeitet 06.05.2026 18:59:53
Quelle psirt@cisco.com
CVE-Watchlists
Login
Unerledigt
Login

Cisco IoT Field Network Director Remote Device Denial of Service Vulnerability

A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to cause a DoS condition on a remotely managed router.

This vulnerability is due to improper error handling. An attacker could exploit this vulnerability by submitting crafted input to the web-based management interface. A successful exploit could allow the attacker to request unauthorized files from a remote router, causing the router to reload and resulting in a DoS condition.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

CNA 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerCisco

≫

Produkt Cisco IoT Field Network Director (IoT-FND)

Default Statusunknown

Version 4.5.1

Status affected

Version 4.4.3

Status affected

Version 4.1.0

Status affected

Version 4.1.3

Status affected

Version 4.6.1

Status affected

Version 4.1.1

Status affected

Version 4.4.0

Status affected

Version 4.2.0

Status affected

Version 4.4.2

Status affected

Version 4.3.0

Status affected

Version 4.6.0

Status affected

Version 4.4.4

Status affected

Version 4.3.2

Status affected

Version 4.1.2

Status affected

Version 4.4.1

Status affected

Version 4.5.0

Status affected

Version 4.3.1

Status affected

Version 4.7.0

Status affected

Version 4.6.2

Status affected

Version 4.7.1

Status affected

Version 4.7.2

Status affected

Version 4.8.0

Status affected

Version 4.8.1

Status affected

Version 4.9.0

Status affected

Version 4.9.1

Status affected

Version 4.10.0

Status affected

Version 4.9.2

Status affected

Version 4.11.0

Status affected

Version 4.12.0

Status affected

Version 4.12.1

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.338

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@cisco.com	7.7	3.1	4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://www.heise.de/news/Cisco-Codeschmuggel-Leck-in-Unity-Connection-und-weitere-Luecken-11285115.html

Media Report

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iot-fnd-dos-n8N26Q4u

https://nvd.nist.gov/vuln/detail/CVE-2026-20167

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-20167

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-20167

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-20167