CVE-2022-20633

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Nov 15, 2024

CWE ID 204

Summary

CVE-2022-20633 is a vulnerability affecting the web-based management interface of Cisco ECE. Unauthenticated, remote attackers can exploit this issue by sending authentication requests to an affected device, leading to username enumeration. The vulnerability arises due to inconsistent authentication responses from the application. Successful exploitation enables attackers to confirm existing user accounts, which could be utilized for further attacks. Cisco has released patches to mitigate this vulnerability, and currently, there are no workarounds available.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

Cisco Enterprise Chat and Email

Affected Vendors

Cisco Systems Inc

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Predator Still Active, with New Client and Corporate Links Identified

Russia-Aligned TAG-110 Targets Tajikistan with Macro-Enabled Word Documents

Know What Matters

For Customers

For Partners