Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from Vendor (cisco) · only source for this CVE.
CVSS VectorVendor: cisco
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to retrieve files that they do not have permission to access.
This vulnerability is due to insufficient file access checks. An attacker could exploit this vulnerability by submitting crafted input in the web-based management interface. A successful exploit could allow the attacker to read files that they are not authorized to access.
AnalysisAI
Authenticated remote attackers with low privileges can read arbitrary files via insufficient access controls in the web-based management interface of Cisco IoT Field Network Director. Exploitation requires valid login credentials and submission of crafted input through the management UI; successful attacks result in unauthorized file disclosure but do not enable modification or system disruption. No public exploit code or active exploitation has been identified at time of analysis.
Technical ContextAI
The vulnerability stems from CWE-388 (Error Handling with Insufficient Logging), a classification indicating inadequate validation and access control checks during file operations within the web application layer. The Cisco IoT Field Network Director's management interface processes user-supplied input for file retrieval operations without properly verifying that the authenticated user holds authorization to access the requested files. This allows privilege escalation within the authenticated context-a low-privilege user can bypass directory or file-level access restrictions through crafted input manipulation, likely exploiting path traversal, symbolic link following, or direct object reference flaws in the file-serving logic.
RemediationAI
Verify the Cisco Security Advisory at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iot-fnd-dos-n8N26Q4u for vendor-released patch details and exact fixed versions, as this information is not independently confirmed in the provided input data. Pending patch availability, restrict network access to the web-based management interface using firewall rules or VPN-gating, limiting exposure to trusted administrative networks only. Audit and minimize the number of accounts with access to the management interface, enforcing principle of least privilege and removing unnecessary low-privilege user accounts. Implement application-level logging and alerting on file access operations within the management interface to detect suspicious file retrieval patterns indicative of exploitation attempts.
Cisco IoT Field Network Director enables authenticated remote attackers with low-level privileges to crash remotely mana
Cisco IoT Field Network Director's web-based management interface allows authenticated remote attackers with low privile
Same weakness CWE-388 – 7PK - Errors
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-27851
GHSA-4q4m-pqh7-mj3f