CVE-2020-26062
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Summary
CVE-2020-26062 is a vulnerability affecting Cisco Integrated Management Controller. This issue allows unauthenticated, remote attackers to enumerate valid usernames by observing authentication responses from the application. The vulnerability arises due to inconsistencies in the authentication messages sent back by the app during an authentication attempt. An attacker can exploit this flaw by sending authentication requests to the affected system, potentially confirming the existence of administrative user accounts for further assaults. At present, no workarounds have been identified to mitigate this vulnerability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Cisco Unified Computing System
Affected Vendors
- Cisco Systems Inc