Vulnerability Description
A vulnerability in Cisco Integrated Management Controller could allow an unauthenticated, remote attacker to enumerate valid usernames within the vulnerable application. The vulnerability is due to differences in authentication responses sent back from the application as part of an authentication attempt. An attacker could exploit this vulnerability by sending authentication requests to the affected application. A successful exploit could allow the attacker to confirm the names of administrative user accounts for use in further attacks.There are no workarounds that address this vulnerability.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Unified Computing System | 3.2\(1d\) |
Related Weaknesses (CWE)
References
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/ciNot Applicable
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/ciVendor Advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/ciNot Applicable
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/ciNot Applicable
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/ciNot Applicable
FAQ
What is CVE-2020-26062?
CVE-2020-26062 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A vulnerability in Cisco Integrated Management Controller could allow an unauthenticated, remote attacker to enumerate valid usernames within the vulnerable application. The vulnerability is due...
How severe is CVE-2020-26062?
CVE-2020-26062 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-26062?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Unified Computing System.