CVE-2026-20167 PUBLISHED

Cisco IoT Field Network Director Remote Device Denial of Service Vulnerability

Assigner: cisco
Reserved: 08.10.2025 Published: 06.05.2026 Updated: 06.05.2026

A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to cause a DoS condition on a remotely managed router.

This vulnerability is due to improper error handling. An attacker could exploit this vulnerability by submitting crafted input to the web-based management interface. A successful exploit could allow the attacker to request unauthorized files from a remote router, causing the router to reload and resulting in a DoS condition.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CVSS Score: 7.7

Product Status

Vendor Cisco
Product Cisco IoT Field Network Director (IoT-FND)
Versions Default: unknown
  • Version 4.5.1 is affected
  • Version 4.4.3 is affected
  • Version 4.1.0 is affected
  • Version 4.1.3 is affected
  • Version 4.6.1 is affected
  • Version 4.1.1 is affected
  • Version 4.4.0 is affected
  • Version 4.2.0 is affected
  • Version 4.4.2 is affected
  • Version 4.3.0 is affected
  • Version 4.6.0 is affected
  • Version 4.4.4 is affected
  • Version 4.3.2 is affected
  • Version 4.1.2 is affected
  • Version 4.4.1 is affected
  • Version 4.5.0 is affected
  • Version 4.3.1 is affected
  • Version 4.7.0 is affected
  • Version 4.6.2 is affected
  • Version 4.7.1 is affected
  • Version 4.7.2 is affected
  • Version 4.8.0 is affected
  • Version 4.8.1 is affected
  • Version 4.9.0 is affected
  • Version 4.9.1 is affected
  • Version 4.10.0 is affected
  • Version 4.9.2 is affected
  • Version 4.11.0 is affected
  • Version 4.12.0 is affected
  • Version 4.12.1 is affected

Exploits

The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.

References

Problem Types

  • Improper Access Control cwe