Vulnerabilities > Cisco > IOT Field Network Director > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-10 | CVE-2023-44487 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | 7.5 |
| 2020-11-18 | CVE-2020-3392 | Missing Authentication for Critical Function vulnerability in Cisco IOT Field Network Director A vulnerability in the API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive information on an affected system. | 7.5 |
| 2020-11-18 | CVE-2020-26076 | Information Exposure vulnerability in Cisco IOT Field Network Director A vulnerability in Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive database information on an affected device. | 7.5 |
| 2020-11-18 | CVE-2020-26075 | SQL Injection vulnerability in Cisco IOT Field Network Director A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to gain access to the back-end database of an affected device. | 8.8 |
| 2020-11-18 | CVE-2020-26072 | Improper Privilege Management vulnerability in Cisco IOT Field Network Director A vulnerability in the SOAP API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to access and modify information on devices that belong to a different domain. | 8.7 |
| 2020-04-15 | CVE-2020-3162 | Improper Input Validation vulnerability in Cisco IOT Field Network Director A vulnerability in the Constrained Application Protocol (CoAP) implementation of Cisco IoT Field Network Director could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition on an affected device. | 7.5 |
| 2019-08-08 | CVE-2019-1957 | Unspecified vulnerability in Cisco IOT Field Network Director A vulnerability in the web interface of Cisco IoT Field Network Director could allow an unauthenticated, remote attacker to trigger high CPU usage, resulting in a denial of service (DoS) condition on an affected device. | 7.5 |
| 2019-01-23 | CVE-2019-1644 | Allocation of Resources Without Limits or Throttling vulnerability in Cisco IOT Field Network Director 4.3(0.20) A vulnerability in the UDP protocol implementation for Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to exhaust system resources, resulting in a denial of service (DoS) condition. | 7.5 |
| 2018-05-17 | CVE-2018-0270 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco IOT Field Network Director 4.2(0.4) A vulnerability in the web-based management interface of Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and alter the data of existing users and groups on an affected device. | 8.8 |
| 2017-09-07 | CVE-2017-6780 | Allocation of Resources Without Limits or Throttling vulnerability in Cisco products A vulnerability in the TCP throttling process for Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to cause the system to consume additional memory, eventually forcing the device to restart, aka Memory Exhaustion. | 7.5 |