From a11a7618efcc0b5afc3c1044e94f28cef409b939 Mon Sep 17 00:00:00 2001 From: santosomar Date: Wed, 18 Nov 2020 17:32:05 +0000 Subject: [PATCH] Adding Cisco CVE-2020-26075 --- 2020/26xxx/CVE-2020-26075.json | 82 +++++++++++++++++++++++++++++++--- 1 file changed, 75 insertions(+), 7 deletions(-) diff --git a/2020/26xxx/CVE-2020-26075.json b/2020/26xxx/CVE-2020-26075.json index 36d821efeaf..c80d6db2e7f 100644 --- a/2020/26xxx/CVE-2020-26075.json +++ b/2020/26xxx/CVE-2020-26075.json @@ -1,18 +1,86 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2020-11-18T16:00:00", "ID": "CVE-2020-26075", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco IoT Field Network REST API Insufficient Input Validation Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IoT Field Network Director (IoT-FND) ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\r A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to gain access to the back-end database of an affected device.\r The vulnerability is due to insufficient input validation of REST API requests that are made to an affected device. An attacker could exploit this vulnerability by crafting malicious API requests to the affected device. A successful exploit could allow the attacker to gain access to the back-end database of the affected device.\r " } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "6.3", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20201118 Cisco IoT Field Network REST API Insufficient Input Validation Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-FND-SQL-zEkBnL2h" + } + ] + }, + "source": { + "advisory": "cisco-sa-FND-SQL-zEkBnL2h", + "defect": [ + [ + "CSCvt45225" + ] + ], + "discovery": "INTERNAL" } -} \ No newline at end of file +}