CVE-2020-26062

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Nov 18, 2024
CWE ID 203

Summary

CVE-2020-26062 is a vulnerability affecting Cisco Integrated Management Controller. This issue allows unauthenticated, remote attackers to enumerate valid usernames by observing authentication responses from the application. The vulnerability arises due to inconsistencies in the authentication messages sent back by the app during an authentication attempt. An attacker can exploit this flaw by sending authentication requests to the affected system, potentially confirming the existence of administrative user accounts for further assaults. At present, no workarounds have been identified to mitigate this vulnerability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Cisco Unified Computing System

Affected Vendors

  • Cisco Systems Inc