CVE-2020-26062

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2020-26062
A vulnerability in Cisco Integrated Management Controller could allow an unauthenticated, remote attacker to enumerate valid usernames within the vulnerable application. The vulnerability is due to differences in authentication responses sent back from the application as part of an authentication attempt. An attacker could exploit this vulnerability by sending authentication requests to the affected application. A successful exploit could allow the attacker to confirm the names of administrative user accounts for use in further attacks.There are no workarounds that address this vulnerability.

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-zWkppJxL
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-enum-CyheP3B7
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanx3-vrZbOqqD
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vsoln-arbfile-gtsEYxns
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-xss-zLW9tD3
Configurations

No configuration.

History

18 Nov 2024, 17:11

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad en Cisco Integrated Management Controller podría permitir que un atacante remoto no autenticado enumere nombres de usuario válidos dentro de la aplicación vulnerable. La vulnerabilidad se debe a diferencias en las respuestas de autenticación enviadas desde la aplicación como parte de un intento de autenticación. Un atacante podría aprovechar esta vulnerabilidad enviando solicitudes de autenticación a la aplicación afectada. Una explotación exitosa podría permitir al atacante confirmar los nombres de las cuentas de usuario administrativas para usarlas en ataques posteriores. No existen workarounds que aborden esta vulnerabilidad.

18 Nov 2024, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-11-18 16:15

Updated : 2024-11-18 17:11

NVD link : CVE-2020-26062

Mitre link : CVE-2020-26062

CVE.ORG link : CVE-2020-26062

JSON object : View

Products Affected

No product.

CWE
CWE-203

Observable Discrepancy


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024