A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to access files and execute commands on a remote router. This vulnerability is due to insufficient input validation of user-supplied data. An attacker could exploit this vulnerability by submitting crafted input in the web-based management interface. A successful exploit could allow the attacker to create, read, or delete files and execute limited commands in user EXEC mode on a remote router.
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco IoT Field Network Director (IoT-FND) | 4.5.1, 4.4.3, 4.1.0, 4.1.3, 4.6.1, 4.1.1, 4.4.0, 4.2.0, 4.4.2, 4.3.0, 4.6.0, 4.4.4, 4.3.2, 4.1.2, 4.4.1, 4.5.0, 4.3.1, 4.7.0, 4.6.2, 4.7.1, 4.7.2, 4.8.0, 4.8.1, 4.9.0, 4.9.1, 4.10.0, 4.9.2, 4.11.0, 4.12.0, 4.12.1 |
