Cisco Security Advisory - Cisco Integrated Management Controller Username Enumeration Vulnerability

Started by Netwörkheäd, December 19, 2020, 06:22:03 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Netwörkheäd

December 19, 2020, 06:22:03 PM
Cisco Integrated Management Controller Username Enumeration Vulnerability

A vulnerability in Cisco Integrated Management Controller could allow an unauthenticated, remote attacker to enumerate valid usernames within the vulnerable application.


The vulnerability is due to differences in authentication responses sent back from the application as part of an authentication attempt. An attacker could exploit this vulnerability by sending authentication requests to the affected application. A successful exploit could allow the attacker to confirm the names of administrative user accounts for use in further attacks.


There are no workarounds that address this vulnerability.


This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-enum-CyheP3B7



     
         
Security Impact Rating:  Medium
   
   
       
CVE: CVE-2020-26062
Source: Cisco Integrated Management Controller Username Enumeration Vulnerability
Let's not argue. Let's network!
Print
Go Up Pages1
User actions