Vulnerabilities > Cisco > IOT Field Network Director > 4.4.2.11
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-10 | CVE-2023-44487 | Resource Exhaustion vulnerability in multiple products The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | 7.5 |
| 2020-11-18 | CVE-2020-3531 | Missing Authentication for Critical Function vulnerability in Cisco IOT Field Network Director A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to access the back-end database of an affected system. | 10.0 |
| 2020-11-18 | CVE-2020-3392 | Missing Authentication for Critical Function vulnerability in Cisco IOT Field Network Director A vulnerability in the API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive information on an affected system. | 5.0 |
| 2020-11-18 | CVE-2020-26081 | Injection vulnerability in Cisco IOT Field Network Director Multiple vulnerabilities in the web UI of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users on an affected system. | 4.3 |
| 2020-11-18 | CVE-2020-26080 | Improper Privilege Management vulnerability in Cisco IOT Field Network Director A vulnerability in the user management functionality of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to manage user information for users in different domains on an affected system. | 4.0 |
| 2020-11-18 | CVE-2020-26079 | Insufficiently Protected Credentials vulnerability in Cisco IOT Field Network Director A vulnerability in the web UI of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to obtain hashes of user passwords on an affected device. | 4.0 |
| 2020-11-18 | CVE-2020-26078 | Path Traversal vulnerability in Cisco IOT Field Network Director A vulnerability in the file system of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to overwrite files on an affected system. | 5.5 |
| 2020-11-18 | CVE-2020-26077 | Improper Privilege Management vulnerability in Cisco IOT Field Network Director A vulnerability in the access control functionality of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to view lists of users from different domains that are configured on an affected system. | 4.0 |
| 2020-11-18 | CVE-2020-26076 | Information Exposure vulnerability in Cisco IOT Field Network Director A vulnerability in Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive database information on an affected device. | 5.0 |
| 2020-11-18 | CVE-2020-26075 | SQL Injection vulnerability in Cisco IOT Field Network Director A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to gain access to the back-end database of an affected device. | 9.0 |