CVE-2020-26062

Опубликовано: 18 нояб. 2024

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

A vulnerability in Cisco Integrated Management Controller could allow an unauthenticated, remote attacker to enumerate valid usernames within the vulnerable application. The vulnerability is due to differences in authentication responses sent back from the application as part of an authentication attempt. An attacker could exploit this vulnerability by sending authentication requests to the affected application. A successful exploit could allow the attacker to confirm the names of administrative user accounts for use in further attacks.There are no workarounds that address this vulnerability.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cisco:unified_computing_system:3.2\(1d\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_computing_system:3.2\(2b\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_computing_system:3.2\(2c\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_computing_system:3.2\(2d\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_computing_system:3.2\(2e\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_computing_system:3.2\(2f\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_computing_system:3.2\(3a\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_computing_system:3.2\(3b\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_computing_system:3.2\(3d\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_computing_system:3.2\(3e\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_computing_system:3.2\(3g\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_computing_system:3.2\(3h\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_computing_system:3.2\(3i\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_computing_system:3.2\(3j\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_computing_system:3.2\(3k\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_computing_system:3.2\(3l\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_computing_system:3.2\(3n\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_computing_system:3.2\(3o\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_computing_system:3.2\(3p\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_computing_system:4.0\(1a\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_computing_system:4.0\(1b\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_computing_system:4.0\(1c\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_computing_system:4.0\(1d\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_computing_system:4.0\(2a\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_computing_system:4.0\(2b\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_computing_system:4.0\(2d\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_computing_system:4.0\(2e\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_computing_system:4.0\(4a\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_computing_system:4.0\(4b\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_computing_system:4.0\(4c\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_computing_system:4.0\(4d\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_computing_system:4.0\(4e\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_computing_system:4.0\(4f\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_computing_system:4.0\(4g\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_computing_system:4.0\(4h\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_computing_system:4.0\(4i\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_computing_system:4.1\(1a\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_computing_system:4.1\(1b\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_computing_system:4.1\(1c\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_computing_system:4.1\(1d\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_computing_system:4.1\(1e\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_computing_system:4.1\(2a\):*:*:*:*:*:*:*

EPSS

Процентиль: 34%

0.00141

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-203

Связанные уязвимости

GHSA-m96v-gj29-hf2q

CVSS3: 5.3

github

около 1 года назад

A vulnerability in Cisco Integrated Management Controller could allow an unauthenticated, remote attacker to enumerate valid usernames within the vulnerable application. The vulnerability is due to differences in authentication responses sent back from the application as part of an authentication attempt. An attacker could exploit this vulnerability by sending authentication requests to the affected application. A successful exploit could allow the attacker to confirm the names of administrative user accounts for use in further attacks.There are no workarounds that address this vulnerability.

BDU:2020-05216

CVSS3: 5.3

fstec

больше 5 лет назад

Уязвимость средства удалённого администрирования серверов Cisco Integrated Management Controller, связанная с раскрытием информации через несоответствие, позволяющая нарушителю определить все существующие имена пользователей

EPSS

Процентиль: 34%

0.00141

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-203