← voltar
CVE-2020-26062

Cisco Integrated Management Controller Username Enumeration Vulnerability

CVSS 5.3 MEDIUMEPSS 0.8%CWE-203
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 5.3EPSS 0.8%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
18 nov 2024Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A vulnerability in Cisco Integrated Management Controller could allow an unauthenticated, remote attacker to enumerate valid usernames within the vulnerable application. The vulnerability is due to differences in authentication responses sent back from the application as part of an authentication attempt. An attacker could exploit this vulnerability by sending authentication requests to the affected application. A successful exploit could allow the attacker to confirm the names of administrative user accounts for use in further attacks.There are no workarounds that address this vulnerability.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/RL:X/RC:X/E:X
Produtos afetados
Cisco · Cisco Unified Computing System (Managed)

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-zWkppJxLhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-enum-CyheP3B7https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanx3-vrZbOqqDhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vsoln-arbfile-gtsEYxnshttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-xss-zLW9tD3