ID

VAR-202605-5693


CVE

CVE-2026-20168


TITLE

Cisco Systems Cisco IoT Field Network Director Vulnerabilities related to error handling in

Trust: 0.8

sources: JVNDB: JVNDB-2026-021743

DESCRIPTION

A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to retrieve files that they do not have permission to access. This vulnerability is due to insufficient file access checks. An attacker could exploit this vulnerability by submitting crafted input in the web-based management interface. A successful exploit could allow the attacker to read files that they are not authorized to access. - No rewriting will occur to the information handled by the software. - The software will not stop

Trust: 1.62

sources: NVD: CVE-2026-20168 // JVNDB: JVNDB-2026-021743

AFFECTED PRODUCTS

vendor:ciscomodel:iot field network directorscope:ltversion:5.0.0-117

Trust: 1.0

vendor:シスコシステムズmodel:cisco iot field network directorscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco iot field network directorscope:eqversion:5.0.0-117

Trust: 0.8

vendor:シスコシステムズmodel:cisco iot field network directorscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-021743 // NVD: CVE-2026-20168

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@cisco.com: CVE-2026-20168
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2026-021743
value: MEDIUM

Trust: 0.8

psirt@cisco.com: CVE-2026-20168
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

OTHER: JVNDB-2026-021743
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-021743 // NVD: CVE-2026-20168

PROBLEMTYPE DATA

problemtype:CWE-388

Trust: 1.0

problemtype:Error handling (CWE-388) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-021743 // NVD: CVE-2026-20168

PATCH

title:Cisco IoT Field Network Director Vulnerabilitiesurl:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iot-fnd-dos-n8N26Q4u

Trust: 0.8

sources: JVNDB: JVNDB-2026-021743

EXTERNAL IDS

db:NVDid:CVE-2026-20168

Trust: 2.6

db:JVNDBid:JVNDB-2026-021743

Trust: 0.8

sources: JVNDB: JVNDB-2026-021743 // NVD: CVE-2026-20168

REFERENCES

url:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-iot-fnd-dos-n8n26q4u

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-20168

Trust: 0.8

sources: JVNDB: JVNDB-2026-021743 // NVD: CVE-2026-20168

SOURCES

db:JVNDBid:JVNDB-2026-021743
db:NVDid:CVE-2026-20168

LAST UPDATE DATE

2026-07-04T23:38:30.882000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-021743date:2026-07-01T01:57:00
db:NVDid:CVE-2026-20168date:2026-06-30T20:38:57.423

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-021743date:2026-07-01T00:00:00
db:NVDid:CVE-2026-20168date:2026-05-06T17:16:20.590