CVE-2020-26062: Cisco Integrated Management Controller Username Enumeration Vulnerability
First published: Mon Nov 18 2024(Updated: )
A vulnerability in Cisco Integrated Management Controller could allow an unauthenticated, remote attacker to enumerate valid usernames within the vulnerable application. The vulnerability is due to differences in authentication responses sent back from the application as part of an authentication attempt. An attacker could exploit this vulnerability by sending authentication requests to the affected application. A successful exploit could allow the attacker to confirm the names of administrative user accounts for use in further attacks.There are no workarounds that address this vulnerability.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Integrated Management Controller Supervisor |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-enum-CyheP3B7
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vsoln-arbfile-gtsEYxns
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-xss-zLW9tD3
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanx3-vrZbOqqD
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-zWkppJxL
Frequently Asked Questions
What is the severity of CVE-2020-26062?
CVE-2020-26062 is rated as a medium severity vulnerability due to its potential for username enumeration.
How does CVE-2020-26062 affect Cisco Integrated Management Controller?
CVE-2020-26062 allows an unauthenticated, remote attacker to enumerate valid usernames in Cisco Integrated Management Controller.
Can CVE-2020-26062 be exploited remotely?
Yes, CVE-2020-26062 can be exploited remotely without authentication.
What versions of Cisco Integrated Management Controller are affected by CVE-2020-26062?
CVE-2020-26062 affects various versions of Cisco Integrated Management Controller, but specific versions are not listed.
How can I mitigate CVE-2020-26062?
To mitigate CVE-2020-26062, apply the latest security updates from Cisco for the Integrated Management Controller.
- agent/title
- agent/weakness
- agent/references
- agent/description
- agent/first-publish-date
- agent/type
- agent/severity
- agent/author
- agent/event
- collector/nvd-api
- source/NVD
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco integrated management controller supervisor