A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to cause a DoS condition on a remotely managed router. This vulnerability is due to improper error handling. An attacker could exploit this vulnerability by submitting crafted input to the web-based management interface. A successful exploit could allow the attacker to request unauthorized files from a remote router, causing the router to reload and resulting in a DoS condition.
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco IoT Field Network Director (IoT-FND) | 4.5.1, 4.4.3, 4.1.0, 4.1.3, 4.6.1, 4.1.1, 4.4.0, 4.2.0, 4.4.2, 4.3.0, 4.6.0, 4.4.4, 4.3.2, 4.1.2, 4.4.1, 4.5.0, 4.3.1, 4.7.0, 4.6.2, 4.7.1, 4.7.2, 4.8.0, 4.8.1, 4.9.0, 4.9.1, 4.10.0, 4.9.2, 4.11.0, 4.12.0, 4.12.1 |
Updated severity to CRITICAL, noted no exploit exists, and added patch available for version 4.12.1.
Initial creation
