CVE-2026-20167
Denial of Service in Cisco IoT Field Network Director
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: Cisco Systems, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | iot_field_network_director | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the web-based management interface of Cisco IoT Field Network Director. It allows an authenticated remote attacker with low privileges to cause a denial-of-service (DoS) condition on a remotely managed router.
The issue is caused by improper error handling. An attacker can exploit it by submitting specially crafted input to the management interface, which can lead to unauthorized file requests from the router. This causes the router to reload, resulting in a DoS condition.
How can this vulnerability impact me? :
The primary impact of this vulnerability is a denial-of-service (DoS) condition on a remotely managed router. This means that an attacker could cause the router to reload unexpectedly, disrupting network availability and potentially causing downtime for services relying on that router.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should apply the software updates released by Cisco for the IoT Field Network Director. There are no available workarounds for this issue.