CVE-2020-26062

CWE-2034 documents4 sources

Severity

5.3MEDIUM

EPSS

0.2%

top 58.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco Unified Computing System (managed)Cisco Unified Computing System

Timeline

PublishedNov 18

Description

A vulnerability in Cisco Integrated Management Controller could allow an unauthenticated, remote attacker to enumerate valid usernames within the vulnerable application. The vulnerability is due to differences in authentication responses sent back from the application as part of an authentication attempt. An attacker could exploit this vulnerability by sending authentication requests to the affected application. A successful exploit could allow the attacker to confirm the names of administrative…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶NVDcisco/unified_computing_system42 versions+41

▶CVEListV5cisco/cisco_unified_computing_system_(managed)42 versions+41

🔴Vulnerability Details

CVEList

Cisco Integrated Management Controller Username Enumeration Vulnerability↗2024-11-18

▶

GHSA

GHSA-m96v-gj29-hf2q: A vulnerability in Cisco Integrated Management Controller could allow an unauthenticated, remote attacker to enumerate valid usernames within the vuln↗2024-11-18

▶

📋Vendor Advisories

Cisco

Cisco Integrated Management Controller Username Enumeration Vulnerability↗2020-11-04

▶