CVE-2026-20167

Summary

A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to cause a DoS condition on a remotely managed router.

This vulnerability is due to improper error handling. An attacker could exploit this vulnerability by submitting crafted input to the web-based management interface. A successful exploit could allow the attacker to request unauthorized files from a remote router, causing the router to reload and resulting in a DoS condition.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco IoT Field Network Director (IoT-FND)4.5.1affected
CiscoCisco IoT Field Network Director (IoT-FND)4.4.3affected
CiscoCisco IoT Field Network Director (IoT-FND)4.1.0affected
CiscoCisco IoT Field Network Director (IoT-FND)4.1.3affected
CiscoCisco IoT Field Network Director (IoT-FND)4.6.1affected
CiscoCisco IoT Field Network Director (IoT-FND)4.1.1affected
CiscoCisco IoT Field Network Director (IoT-FND)4.4.0affected
CiscoCisco IoT Field Network Director (IoT-FND)4.2.0affected
CiscoCisco IoT Field Network Director (IoT-FND)4.4.2affected
CiscoCisco IoT Field Network Director (IoT-FND)4.3.0affected
CiscoCisco IoT Field Network Director (IoT-FND)4.6.0affected
CiscoCisco IoT Field Network Director (IoT-FND)4.4.4affected
CiscoCisco IoT Field Network Director (IoT-FND)4.3.2affected
CiscoCisco IoT Field Network Director (IoT-FND)4.1.2affected
CiscoCisco IoT Field Network Director (IoT-FND)4.4.1affected
CiscoCisco IoT Field Network Director (IoT-FND)4.5.0affected
CiscoCisco IoT Field Network Director (IoT-FND)4.3.1affected
CiscoCisco IoT Field Network Director (IoT-FND)4.7.0affected
CiscoCisco IoT Field Network Director (IoT-FND)4.6.2affected
CiscoCisco IoT Field Network Director (IoT-FND)4.7.1affected
CiscoCisco IoT Field Network Director (IoT-FND)4.7.2affected
CiscoCisco IoT Field Network Director (IoT-FND)4.8.0affected
CiscoCisco IoT Field Network Director (IoT-FND)4.8.1affected
CiscoCisco IoT Field Network Director (IoT-FND)4.9.0affected
CiscoCisco IoT Field Network Director (IoT-FND)4.9.1affected
CiscoCisco IoT Field Network Director (IoT-FND)4.10.0affected
CiscoCisco IoT Field Network Director (IoT-FND)4.9.2affected
CiscoCisco IoT Field Network Director (IoT-FND)4.11.0affected
CiscoCisco IoT Field Network Director (IoT-FND)4.12.0affected
CiscoCisco IoT Field Network Director (IoT-FND)4.12.1affected

Weaknesses

  • CWE-284: Improper Access Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References