ID

VAR-202605-4743


CVE

CVE-2026-20167


TITLE

Cisco Systems Cisco IoT Field Network Director access control vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2026-021744

DESCRIPTION

A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to cause a DoS condition on a remotely managed router. This vulnerability is due to improper error handling. An attacker could exploit this vulnerability by submitting crafted input to the web-based management interface. A successful exploit could allow the attacker to request unauthorized files from a remote router, causing the router to reload and resulting in a DoS condition. DoS This can lead to a certain condition. DoS The condition occurs.- No information handled by the software will be leaked to external parties. - No information handled by the software will be rewritten. - The software may completely shut down

Trust: 1.62

sources: NVD: CVE-2026-20167 // JVNDB: JVNDB-2026-021744

AFFECTED PRODUCTS

vendor:ciscomodel:iot field network directorscope:ltversion:5.0.0-117

Trust: 1.0

vendor:シスコシステムズmodel:cisco iot field network directorscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco iot field network directorscope:eqversion:5.0.0-117

Trust: 0.8

vendor:シスコシステムズmodel:cisco iot field network directorscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-021744 // NVD: CVE-2026-20167

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@cisco.com: CVE-2026-20167
value: HIGH

Trust: 1.0

OTHER: JVNDB-2026-021744
value: HIGH

Trust: 0.8

psirt@cisco.com: CVE-2026-20167
baseSeverity: HIGH
baseScore: 7.7
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.1
impactScore: 4.0
version: 3.1

Trust: 1.0

OTHER: JVNDB-2026-021744
baseSeverity: HIGH
baseScore: 7.7
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-021744 // NVD: CVE-2026-20167

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.0

problemtype:Inappropriate access control (CWE-284) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-021744 // NVD: CVE-2026-20167

PATCH

title:Cisco IoT Field Network Director Vulnerabilitiesurl:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iot-fnd-dos-n8N26Q4u

Trust: 0.8

sources: JVNDB: JVNDB-2026-021744

EXTERNAL IDS

db:NVDid:CVE-2026-20167

Trust: 2.6

db:JVNDBid:JVNDB-2026-021744

Trust: 0.8

sources: JVNDB: JVNDB-2026-021744 // NVD: CVE-2026-20167

REFERENCES

url:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-iot-fnd-dos-n8n26q4u

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-20167

Trust: 0.8

sources: JVNDB: JVNDB-2026-021744 // NVD: CVE-2026-20167

SOURCES

db:JVNDBid:JVNDB-2026-021744
db:NVDid:CVE-2026-20167

LAST UPDATE DATE

2026-07-04T23:47:05.304000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-021744date:2026-07-01T01:57:00
db:NVDid:CVE-2026-20167date:2026-06-30T20:39:20.010

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-021744date:2026-07-01T00:00:00
db:NVDid:CVE-2026-20167date:2026-05-06T17:16:20.433