Vulnerability Description
A vulnerability in the API endpoints of Cisco Integrated Management Controller could allow an authenticated, remote attacker to bypass authorization and take actions on a vulnerable system without authorization. The vulnerability is due to improper authorization checks on API endpoints. An attacker could exploit this vulnerability by sending malicious requests to an API endpoint. An exploit could allow the attacker to download files from or modify limited configuration options on the affected system.There are no workarounds that address this vulnerability.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/ci
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/ci
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/ci
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/ci
FAQ
What is CVE-2020-26063?
CVE-2020-26063 is a vulnerability with a CVSS score of 5.4 (MEDIUM). A vulnerability in the API endpoints of Cisco Integrated Management Controller could allow an authenticated, remote attacker to bypass authorization and take actions on a vulnerable system withou...
How severe is CVE-2020-26063?
CVE-2020-26063 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-26063?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.