6.4
CVE-2026-20169
- EPSS 0.08%
- Veröffentlicht 06.05.2026 16:15:48
- Zuletzt bearbeitet 06.05.2026 18:59:53
- Quelle psirt@cisco.com
- CVE-Watchlists
- Unerledigt
Cisco IoT Field Network Director Command Injection Vulnerability
A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to access files and execute commands on a remote router. This vulnerability is due to insufficient input validation of user-supplied data. An attacker could exploit this vulnerability by submitting crafted input in the web-based management interface. A successful exploit could allow the attacker to create, read, or delete files and execute limited commands in user EXEC mode on a remote router.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerCisco
≫
Produkt
Cisco IoT Field Network Director (IoT-FND)
Default Statusunknown
Version
4.5.1
Status
affected
Version
4.4.3
Status
affected
Version
4.1.0
Status
affected
Version
4.1.3
Status
affected
Version
4.6.1
Status
affected
Version
4.1.1
Status
affected
Version
4.4.0
Status
affected
Version
4.2.0
Status
affected
Version
4.4.2
Status
affected
Version
4.3.0
Status
affected
Version
4.6.0
Status
affected
Version
4.4.4
Status
affected
Version
4.3.2
Status
affected
Version
4.1.2
Status
affected
Version
4.4.1
Status
affected
Version
4.5.0
Status
affected
Version
4.3.1
Status
affected
Version
4.7.0
Status
affected
Version
4.6.2
Status
affected
Version
4.7.1
Status
affected
Version
4.7.2
Status
affected
Version
4.8.0
Status
affected
Version
4.8.1
Status
affected
Version
4.9.0
Status
affected
Version
4.9.1
Status
affected
Version
4.10.0
Status
affected
Version
4.9.2
Status
affected
Version
4.11.0
Status
affected
Version
4.12.0
Status
affected
Version
4.12.1
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.08% | 0.237 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@cisco.com | 6.4 | 3.1 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
|
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.