Описание
A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to access the back-end database of an affected system. The vulnerability exists because the affected software does not properly authenticate REST API calls. An attacker could exploit this vulnerability by obtaining a cross-site request forgery (CSRF) token and then using the token with REST API requests. A successful exploit could allow the attacker to access the back-end database of the affected device and read, alter, or drop information.
Уязвимые конфигурации
EPSS
9.8 Critical
CVSS3
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
Связанные уязвимости
A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to access the back-end database of an affected system. The vulnerability exists because the affected software does not properly authenticate REST API calls. An attacker could exploit this vulnerability by obtaining a cross-site request forgery (CSRF) token and then using the token with REST API requests. A successful exploit could allow the attacker to access the back-end database of the affected device and read, alter, or drop information.
Уязвимость интерфейса REST API программного средства управления сетью Cisco IoT Field Network Director, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации, доступ на чтение, изменение или удаление данных
EPSS
9.8 Critical
CVSS3
9.8 Critical
CVSS3
10 Critical
CVSS2