VDB

CVE-2020-26062

CVE-2020-26062 PUBLISHED CVSS 5.300000190734863 MEDIUM

A vulnerability in Cisco Integrated Management Controller could allow an unauthenticated, remote attacker to enumerate valid usernames within the vulnerable application. The vulnerability is due to differences in authentication responses sent back from the application as part of an authentication attempt. An attacker could exploit this vulnerability by sending authentication requests to the affected application. A successful exploit could allow the attacker to confirm the names of administrative user accounts for use in further attacks.There are no workarounds that address this vulnerability.

EPSS 0.19% · 41.0th percentile

Risk Scores

CVSS 3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/RL:X/RC:X/E:X
EPSS Score
0.19%
41.0th percentile

Affected Products

VendorProductVersions
ciscounified_computing_system3.2\(1d\), *, *
CiscoCisco Unified Computing System (Managed)*, 4.0(1a), 3.2(3n)
ciscounified_computing_system*, *, *

Exploit Intelligence

Timeline

  • Nov 18, 2024 CVE Published
  • Nov 18, 2024 CVE Updated
  • Nov 19, 2024 EPSS Score
  • Dec 7, 2024 EPSS Score
  • Dec 25, 2024 EPSS Score
  • Jan 11, 2025 EPSS Score
  • Jan 29, 2025 EPSS Score
  • Feb 15, 2025 EPSS Score
  • Mar 5, 2025 EPSS Score
  • Mar 22, 2025 EPSS Score
  • Apr 9, 2025 EPSS Score
  • Apr 26, 2025 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›