What is CVE-2020-3392?

CVE-2020-3392 is a high-severity vulnerability in Cisco Iot Field Network Director (Iot-fnd), classified under Missing Authentication for Critical Function. CVSS score: 7.5/10. Published 2020-11-18.

How severe is CVE-2020-3392?

High severity. CVSS v3 base score is 7.5 out of 10.

Auth bypass in Cisco Iot Field Network Director (Iot-fnd)

CVE-2020-3392

A vulnerability in the API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnerability exists because the affected software does not prope…

Vulnerability class: Broken Authentication

EPSS: 0.016 (82.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Cisco Iot Field Network Director (Iot-fnd) — versions n/a

Weakness classification (CWE)

CWE-306 — Missing Authentication for Critical Function

References

20201118 Cisco IoT Field Network Director Missing API Authentication Vulnerability (vendor-advisory, x_refsource_CISCO)

Frequently asked questions

What is CVE-2020-3392?: CVE-2020-3392 is a high-severity vulnerability in Cisco Iot Field Network Director (Iot-fnd), classified under Missing Authentication for Critical Function. CVSS score: 7.5/10. Published 2020-11-18.
How severe is CVE-2020-3392?: High severity. CVSS v3 base score is 7.5 out of 10.