CVE-2020-26062 MEDIUM

CVE-2020-26062: Cisco Integrated Management Controller Username Enumeration Vulnerability

Vendor Cisco
Product Cisco Unified Computing System (Managed)
Weakness CWE-203
Published November 18, 2024
Last update November 18, 2024

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/RL:X/RC:X/E:X

What the vulnerability does

01Description

A vulnerability in Cisco Integrated Management Controller could allow an unauthenticated, remote attacker to enumerate valid usernames within the vulnerable application. The vulnerability is due to differences in authentication responses sent back from the application as part of an authentication attempt. An attacker could exploit this vulnerability by sending authentication requests to the affected application. A successful exploit could allow the attacker to confirm the names of administrative user accounts for use in further attacks.There are no workarounds that address this vulnerability.

Key dates

02Disclosure timeline

November 18, 2024 CVE published
November 18, 2024 Record updated