CVE-2020-26063 MEDIUM

CVE-2020-26063: Cisco Integrated Management Controller Software Authorization Bypass Vulnerability

Vendor Cisco
Product Cisco Unified Computing System (Managed)
Weakness CWE-269
Published November 18, 2024
Last update November 18, 2024

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/RL:X/RC:X/E:X

What the vulnerability does

01 Description

A vulnerability in the API endpoints of Cisco Integrated Management Controller could allow an authenticated, remote attacker to bypass authorization and take actions on a vulnerable system without authorization. The vulnerability is due to improper authorization checks on API endpoints. An attacker could exploit this vulnerability by sending malicious requests to an API endpoint. An exploit could allow the attacker to download files from or modify limited configuration options on the affected system. There are no workarounds that address this vulnerability.

Key dates

02 Disclosure timeline

November 18, 2024 CVE published
November 18, 2024 Record updated