CVE-2022-20633Observable Response Discrepancy in Cisco Enterprise Chat AND Email

CWE-204Observable Response DiscrepancyCWE-601Open RedirectCWE-79Cross-site Scripting4 documents4 sources
Severity
5.3MEDIUMNVD
EPSS
0.3%
top 49.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Enterprise Chat AND EmailCisco Enterprise Chat AND Email
Timeline
PublishedNov 15

Description

A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to perform a username enumeration attack against an affected device. This vulnerability is due to differences in authentication responses that are sent back from the application as part of an authentication attempt. An attacker could exploit this vulnerability by sending authentication requests to an affected device. A successful exploit could allow the attacker to confirm existing

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

CVEListV5cisco/cisco_enterprise_chat_and_email30 versions+29

🔴Vulnerability Details

2
CVEList
Cisco Enterprise Chat and Email Username Enumeration Vulnerability2024-11-15
GHSA
GHSA-jvfw-53c8-p9qg: A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to perform a username enumeration a2024-11-15

📋Vendor Advisories

1
Cisco
Cisco Enterprise Chat and Email Vulnerabilities2022-01-12
CVE-2022-20633 — Observable Response Discrepancy | cvebase