Cisco IoT Field Network Director Constrained Application Protocol input validation

entryeditHistoryDiffjsonxmlCTI

A vulnerability classified as problematic was found in Cisco IoT Field Network Director (affected version unknown). Affected by this vulnerability is an unknown function of the component Constrained Application Protocol Handler. Upgrading eliminates this vulnerability.

Field04/16/2020 01:52 PM04/16/2020 01:57 PM
date1586908800 (04/15/2020)1586908800 (04/15/2020)
locationWebsiteWebsite
typeAdvisoryAdvisory
urlhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iot-coap-dos-WTBu6YTqhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iot-coap-dos-WTBu6YTq
identifiercisco-sa-iot-coap-dos-WTBu6YTqcisco-sa-iot-coap-dos-WTBu6YTq
price_0day$5k-$25k$5k-$25k
nameUpgradeUpgrade
cveCVE-2020-3162CVE-2020-3162
cvss2_vuldb_eNDND
cvss2_vuldb_rlOFOF
cvss2_vuldb_rcCC
cvss3_vuldb_eXX
cvss3_vuldb_rlOO
cvss3_vuldb_rcCC
cvss3_nvd_basescore7.57.5
vendorCiscoCisco
nameIoT Field Network DirectorIoT Field Network Director
componentConstrained Application Protocol HandlerConstrained Application Protocol Handler
risk11
cvss2_vuldb_basescore4.34.3
cvss2_vuldb_tempscore3.73.7
cvss2_vuldb_avNN
cvss2_vuldb_acMM
cvss2_vuldb_auNN
cvss2_vuldb_ciNN
cvss2_vuldb_iiNN
cvss2_vuldb_aiPP
cvss3_meta_basescore6.46.4
cvss3_meta_tempscore6.16.1
cvss3_vuldb_basescore5.35.3
cvss3_vuldb_tempscore5.15.1
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_prNN
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cNN
cvss3_vuldb_iNN
cvss3_vuldb_aLL
cvss3_nvd_acL
cvss3_nvd_prN
cvss3_nvd_uiN
cvss3_nvd_sU
cvss3_nvd_cN
cvss3_nvd_iN
cvss3_nvd_aH
cve_assigned1576108800
cve_nvd_summaryA vulnerability in the Constrained Application Protocol (CoAP) implementation of Cisco IoT Field Network Director could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of incoming CoAP traffic. An attacker could exploit this vulnerability by sending a malformed CoAP packet to an affected device. A successful exploit could allow the attacker to force the CoAP server to stop, interrupting communication to the IoT endpoints.
cwe020 (privilege escalation)
cvss3_nvd_avN

Do you want to use VulDB in your project?

Use the official API to access entries easily!