CVE Catalog

CVE-2026-20169

MediumCVSS 6.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.21%

11th percentile - higher than 11% of all known CVEs

Summary

A vulnerability in the web-based management interface of Cisco IoT Field Network Director allows an authenticated, remote attacker with low privileges to access files and execute commands on a remote router. This is due to insufficient input validation of user-supplied data.

Risk Assessment

An attacker can create, read, or delete files and execute limited commands in user EXEC mode on a remote router, potentially compromising data confidentiality, integrity, and availability.

Recommendation

Apply the patches provided by Cisco immediately and restrict access to the management interface to trusted users only.

Original NVD description (English source)

A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to access files and execute commands on a remote router. This vulnerability is due to insufficient input validation of user-supplied data. An attacker could exploit this vulnerability by submitting crafted input in the web-based management interface. A successful exploit could allow the attacker to create, read, or delete files and execute limited commands in user EXEC mode on a remote router.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS