ID

VAR-202605-6902


CVE

CVE-2026-20169


TITLE

Cisco Systems Cisco IoT Field Network Director Command injection vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2026-021612

DESCRIPTION

A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to access files and execute commands on a remote router. This vulnerability is due to insufficient input validation of user-supplied data. An attacker could exploit this vulnerability by submitting crafted input in the web-based management interface. A successful exploit could allow the attacker to create, read, or delete files and execute limited commands in user EXEC mode on a remote router. EXEC This can be done in mode.- Some of the information handled by the software may be leaked to external parties. - Some of the information handled by the software may be overwritten. - The software will not stop

Trust: 1.62

sources: NVD: CVE-2026-20169 // JVNDB: JVNDB-2026-021612

AFFECTED PRODUCTS

vendor:ciscomodel:iot field network directorscope:ltversion:5.0.0-117

Trust: 1.0

vendor:シスコシステムズmodel:cisco iot field network directorscope:eqversion: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco iot field network directorscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco iot field network directorscope:eqversion:5.0.0-117

Trust: 0.8

sources: JVNDB: JVNDB-2026-021612 // NVD: CVE-2026-20169

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@cisco.com: CVE-2026-20169
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2026-021612
value: MEDIUM

Trust: 0.8

psirt@cisco.com: CVE-2026-20169
baseSeverity: MEDIUM
baseScore: 6.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.1
impactScore: 2.7
version: 3.1

Trust: 1.0

OTHER: JVNDB-2026-021612
baseSeverity: MEDIUM
baseScore: 6.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-021612 // NVD: CVE-2026-20169

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.0

problemtype:Command injection (CWE-77) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-021612 // NVD: CVE-2026-20169

PATCH

title:Cisco IoT Field Network Director Vulnerabilitiesurl:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iot-fnd-dos-n8N26Q4u

Trust: 0.8

sources: JVNDB: JVNDB-2026-021612

EXTERNAL IDS

db:NVDid:CVE-2026-20169

Trust: 2.6

db:JVNDBid:JVNDB-2026-021612

Trust: 0.8

sources: JVNDB: JVNDB-2026-021612 // NVD: CVE-2026-20169

REFERENCES

url:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-iot-fnd-dos-n8n26q4u

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-20169

Trust: 0.8

sources: JVNDB: JVNDB-2026-021612 // NVD: CVE-2026-20169

SOURCES

db:JVNDBid:JVNDB-2026-021612
db:NVDid:CVE-2026-20169

LAST UPDATE DATE

2026-07-04T23:49:24.043000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-021612date:2026-06-30T02:23:00
db:NVDid:CVE-2026-20169date:2026-06-29T17:28:14.693

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-021612date:2026-06-30T00:00:00
db:NVDid:CVE-2026-20169date:2026-05-06T17:16:20.743