CVE-2026-20168

Medienbericht

EPSS 0.05%
Veröffentlicht 06.05.2026 16:15:48
Zuletzt bearbeitet 06.05.2026 18:59:53
Quelle psirt@cisco.com
CVE-Watchlists
Login
Unerledigt
Login

Cisco IoT Field Network Director Path Traversal Vulnerability

A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to retrieve files that they do not have permission to access.

This vulnerability is due to insufficient file access checks. An attacker could exploit this vulnerability by submitting crafted input in the web-based management interface. A successful exploit could allow the attacker to read files that they are not authorized to access.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 5

CNA 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerCisco

≫

Produkt Cisco IoT Field Network Director (IoT-FND)

Default Statusunknown

Version 4.5.1

Status affected

Version 4.4.3

Status affected

Version 4.1.0

Status affected

Version 4.1.3

Status affected

Version 4.6.1

Status affected

Version 4.1.1

Status affected

Version 4.4.0

Status affected

Version 4.2.0

Status affected

Version 4.4.2

Status affected

Version 4.3.0

Status affected

Version 4.6.0

Status affected

Version 4.4.4

Status affected

Version 4.3.2

Status affected

Version 4.1.2

Status affected

Version 4.4.1

Status affected

Version 4.5.0

Status affected

Version 4.3.1

Status affected

Version 4.7.0

Status affected

Version 4.6.2

Status affected

Version 4.7.1

Status affected

Version 4.7.2

Status affected

Version 4.8.0

Status affected

Version 4.8.1

Status affected

Version 4.9.0

Status affected

Version 4.9.1

Status affected

Version 4.10.0

Status affected

Version 4.9.2

Status affected

Version 4.11.0

Status affected

Version 4.12.0

Status affected

Version 4.12.1

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.147

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@cisco.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://www.heise.de/news/Cisco-Codeschmuggel-Leck-in-Unity-Connection-und-weitere-Luecken-11285115.html

Media Report

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iot-fnd-dos-n8N26Q4u

https://nvd.nist.gov/vuln/detail/CVE-2026-20168

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-20168

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-20168

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-20168