ID

VAR-202011-0717


CVE

CVE-2020-26084


TITLE

Cisco Edge Fog Fabric Vulnerability in Resource Leakage to Wrong Domain

Trust: 0.8

sources: JVNDB: JVNDB-2020-013255

DESCRIPTION

A vulnerability in the REST API of Cisco Edge Fog Fabric could allow an authenticated, remote attacker to access files outside of their authorization sphere on an affected device. The vulnerability is due to incorrect authorization enforcement on an affected system. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. Cisco Edge Fog Fabric is vulnerable to a resource leak to the wrong area. Information may be tampered with. The platform provides new IoT applications for advanced monitoring and diagnostics, enabling real-time quality inspection, proactive maintenance and operating smart use cases. This vulnerability is successfully exploited

Trust: 2.79

sources: NVD: CVE-2020-26084 // JVNDB: JVNDB-2020-013255 // CNVD: CNVD-2021-05532 // CNNVD: CNNVD-202011-311 // VULHUB: VHN-180127

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-05532

AFFECTED PRODUCTS

vendor: cisco, model: edge fog fabric, scope: lt, version: 1.7.4

Trust: 1.6

vendor: Cisco Systems, model: cisco edge fog fabric, scope: eq, version: -

Trust: 0.8

sources: CNVD: CNVD-2021-05532 // JVNDB: JVNDB-2020-013255 // NVD: CVE-2020-26084

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-26084
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-26084
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-26084
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2021-05532
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202011-311
value: MEDIUM

Trust: 0.6

VULHUB: VHN-180127
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-26084
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2021-05532
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-180127
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-26084
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2020-26084
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-05532 // VULHUB: VHN-180127 // JVNDB: JVNDB-2020-013255 // CNNVD: CNNVD-202011-311 // NVD: CVE-2020-26084 // NVD: CVE-2020-26084

PROBLEMTYPE DATA

problemtype: CWE-668

Trust: 1.1

problemtype: Leakage of resources to the wrong area (CWE-668) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-180127 // JVNDB: JVNDB-2020-013255 // NVD: CVE-2020-26084

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202011-311

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202011-311

PATCH

title: cisco-sa-eff-incperm-9E6h4yBz, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-eff-incperm-9E6h4yBz

Trust: 0.8

title: Patch for Cisco Edge Fog Fabric authorization issue vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/245329

Trust: 0.6

title: Cisco Edge Fog Fabric Remediation measures for authorization problem vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=132749

Trust: 0.6

sources: CNVD: CNVD-2021-05532 // JVNDB: JVNDB-2020-013255 // CNNVD: CNNVD-202011-311

EXTERNAL IDS

db: NVD, id: CVE-2020-26084

Trust: 3.1

db: JVNDB, id: JVNDB-2020-013255

Trust: 0.8

db: CNNVD, id: CNNVD-202011-311

Trust: 0.7

db: CNVD, id: CNVD-2021-05532

Trust: 0.6

db: AUSCERT, id: ESB-2020.3827

Trust: 0.6

db: VULHUB, id: VHN-180127

Trust: 0.1

sources: CNVD: CNVD-2021-05532 // VULHUB: VHN-180127 // JVNDB: JVNDB-2020-013255 // CNNVD: CNNVD-202011-311 // NVD: CVE-2020-26084

REFERENCES

url: https://nvd.nist.gov/vuln/detail/cve-2020-26084

Trust: 2.0

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-eff-incperm-9e6h4ybz

Trust: 1.7

url: https://www.auscert.org.au/bulletins/esb-2020.3827/

Trust: 0.6

sources: CNVD: CNVD-2021-05532 // VULHUB: VHN-180127 // JVNDB: JVNDB-2020-013255 // CNNVD: CNNVD-202011-311 // NVD: CVE-2020-26084

SOURCES

db: CNVD, id: CNVD-2021-05532
db: VULHUB, id: VHN-180127
db: JVNDB, id: JVNDB-2020-013255
db: CNNVD, id: CNNVD-202011-311
db: NVD, id: CVE-2020-26084

LAST UPDATE DATE

2024-11-23T22:54:58.493000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-05532, date: 2021-01-25T00:00:00
db: VULHUB, id: VHN-180127, date: 2020-11-19T00:00:00
db: JVNDB, id: JVNDB-2020-013255, date: 2021-06-22T06:49:00
db: CNNVD, id: CNNVD-202011-311, date: 2020-11-23T00:00:00
db: NVD, id: CVE-2020-26084, date: 2024-11-21T05:19:12.340

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-05532, date: 2021-01-25T00:00:00
db: VULHUB, id: VHN-180127, date: 2020-11-06T00:00:00
db: JVNDB, id: JVNDB-2020-013255, date: 2021-06-22T00:00:00
db: CNNVD, id: CNNVD-202011-311, date: 2020-11-04T00:00:00
db: NVD, id: CVE-2020-26084, date: 2020-11-06T19:15:13.143