VDB

CVE-2020-26063

CVE-2020-26063 PUBLISHED CVSS 5.400000095367432 MEDIUM

A vulnerability in the API endpoints of Cisco Integrated Management Controller could allow an authenticated, remote attacker to bypass authorization and take actions on a vulnerable system without authorization. The vulnerability is due to improper authorization checks on API endpoints. An attacker could exploit this vulnerability by sending malicious requests to an API endpoint. An exploit could allow the attacker to download files from or modify limited configuration options on the affected system.There are no workarounds that address this vulnerability.

EPSS 0.26% · 49.6th percentile

Risk Scores

CVSS 3.1
5.400000095367432
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/RL:X/RC:X/E:X
EPSS Score
0.26%
49.6th percentile

Affected Products

VendorProductVersions
CiscoCisco Unified Computing System (Managed)*, 4.1(1a), 4.1(1b)
ciscounified_computing_system4.0\(1a\), 3.2\(3n\), 4.1\(1a\)

Exploit Intelligence

Timeline

  • Nov 18, 2024 CVE Published
  • Nov 18, 2024 CVE Updated
  • Nov 19, 2024 EPSS Score
  • Dec 7, 2024 EPSS Score
  • Dec 25, 2024 EPSS Score
  • Jan 11, 2025 EPSS Score
  • Jan 29, 2025 EPSS Score
  • Feb 15, 2025 EPSS Score
  • Mar 5, 2025 EPSS Score
  • Mar 22, 2025 EPSS Score
  • Apr 9, 2025 EPSS Score
  • Apr 26, 2025 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›