CVE-2020-26084

Cisco Edge Fog Fabric Resource Exposure Vulnerability

CVSS 6.5 MEDIUMEPSS 0.9%CWE-668

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 6.5EPSS 0.9%KEV nãoPoC —Patch referenciado

Lifecycle

Nov 06, 2020Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A vulnerability in the REST API of Cisco Edge Fog Fabric could allow an authenticated, remote attacker to access files outside of their authorization sphere on an affected device. The vulnerability is due to incorrect authorization enforcement on an affected system. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Affected products

Cisco · Cisco Edge Fog Fabric

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-eff-incperm-9E6h4yBz