{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2020-26062","assignerOrgId":"d1c1063e-7a18-46af-9102-31f8928bc633","state":"PUBLISHED","assignerShortName":"cisco","dateReserved":"2020-09-24T00:00:00.000Z","datePublished":"2024-11-18T16:06:00.592Z","dateUpdated":"2024-11-18T18:46:04.617Z"},"containers":{"cna":{"title":"Cisco Integrated Management Controller Username Enumeration Vulnerability","metrics":[{"format":"cvssV3_1","cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/RL:X/RC:X/E:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"descriptions":[{"lang":"en","value":"A vulnerability in Cisco&nbsp;Integrated Management Controller could allow an unauthenticated, remote attacker to enumerate valid usernames within the vulnerable application.\r\nThe vulnerability is due to differences in authentication responses sent back from the application as part of an authentication attempt. An attacker could exploit this vulnerability by sending authentication requests to the affected application. A successful exploit could allow the attacker to confirm the names of administrative user accounts for use in further attacks.There are no workarounds that address this vulnerability."}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-enum-CyheP3B7","name":"cisco-sa-cimc-enum-CyheP3B7"},{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vsoln-arbfile-gtsEYxns","name":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vsoln-arbfile-gtsEYxns"},{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-xss-zLW9tD3","name":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-xss-zLW9tD3"},{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanx3-vrZbOqqD","name":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanx3-vrZbOqqD"},{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-zWkppJxL","name":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-zWkppJxL"}],"exploits":[{"lang":"en","value":"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}],"source":{"advisory":"cisco-sa-cimc-enum-CyheP3B7","discovery":"EXTERNAL","defects":["CSCvv07275"]},"problemTypes":[{"descriptions":[{"lang":"en","description":"Observable Discrepancy","type":"cwe","cweId":"CWE-203"}]}],"affected":[{"vendor":"Cisco","product":"Cisco Unified Computing System (Managed)","versions":[{"version":"4.0(1a)","status":"affected"},{"version":"3.2(3n)","status":"affected"},{"version":"4.1(1a)","status":"affected"},{"version":"4.1(1b)","status":"affected"},{"version":"4.0(4h)","status":"affected"},{"version":"4.1(1c)","status":"affected"},{"version":"3.2(3k)","status":"affected"},{"version":"3.2(2c)","status":"affected"},{"version":"4.0(4e)","status":"affected"},{"version":"4.0(4g)","status":"affected"},{"version":"3.2(3i)","status":"affected"},{"version":"4.0(2e)","status":"affected"},{"version":"3.2(3g)","status":"affected"},{"version":"4.0(4a)","status":"affected"},{"version":"4.0(2d)","status":"affected"},{"version":"3.2(2d)","status":"affected"},{"version":"4.0(1b)","status":"affected"},{"version":"4.0(4f)","status":"affected"},{"version":"3.2(3h)","status":"affected"},{"version":"3.2(2f)","status":"affected"},{"version":"4.0(4c)","status":"affected"},{"version":"3.2(3a)","status":"affected"},{"version":"4.0(1c)","status":"affected"},{"version":"3.2(3d)","status":"affected"},{"version":"3.2(2b)","status":"affected"},{"version":"4.0(4b)","status":"affected"},{"version":"3.2(2e)","status":"affected"},{"version":"4.0(2b)","status":"affected"},{"version":"4.0(4d)","status":"affected"},{"version":"3.2(1d)","status":"affected"},{"version":"3.2(3e)","status":"affected"},{"version":"3.2(3l)","status":"affected"},{"version":"3.2(3b)","status":"affected"},{"version":"4.0(2a)","status":"affected"},{"version":"3.2(3j)","status":"affected"},{"version":"4.0(1d)","status":"affected"},{"version":"3.2(3o)","status":"affected"},{"version":"4.0(4i)","status":"affected"},{"version":"4.1(1d)","status":"affected"},{"version":"4.1(2a)","status":"affected"},{"version":"4.1(1e)","status":"affected"},{"version":"3.2(3p)","status":"affected"}],"defaultStatus":"unknown"}],"providerMetadata":{"orgId":"d1c1063e-7a18-46af-9102-31f8928bc633","shortName":"cisco","dateUpdated":"2024-11-18T16:06:00.592Z"}},"adp":[{"affected":[{"vendor":"cisco","product":"unified_computing_system","cpes":["cpe:2.3:a:cisco:unified_computing_system:4.0\\(1a\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:3.2\\(3n\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:4.1\\(1a\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:4.1\\(1b\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:4.0\\(4h\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:4.1\\(1c\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:3.2\\(3k\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:3.2\\(2c\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:4.0\\(4e\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:4.0\\(4g\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:3.2\\(3i\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:4.0\\(2e\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:3.2\\(3g\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:4.0\\(4a\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:4.0\\(2d\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:3.2\\(2d\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:4.0\\(1b\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:4.0\\(4f\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:3.2\\(3h\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:3.2\\(2f\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:4.0\\(4c\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:3.2\\(3a\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:4.0\\(1c\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:3.2\\(3d\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:3.2\\(2b\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:4.0\\(4b\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:3.2\\(2e\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:4.0\\(2b\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:4.0\\(4d\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:3.2\\(1d\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:3.2\\(3e\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:3.2\\(3l\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:3.2\\(3b\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:4.0\\(2a\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:3.2\\(3j\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:4.0\\(1d\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:3.2\\(3o\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:4.0\\(4i\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:4.1\\(1d\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:4.1\\(2a\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:4.1\\(1e\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:3.2\\(3p\\):*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"4.0\\(1a\\)","status":"affected"},{"version":"3.2\\(3n\\)","status":"affected"},{"version":"4.1\\(1a\\)","status":"affected"},{"version":"4.1\\(1b\\)","status":"affected"},{"version":"4.0\\(4h\\)","status":"affected"},{"version":"4.1\\(1c\\)","status":"affected"},{"version":"3.2\\(3k\\)","status":"affected"},{"version":"3.2\\(2c\\)","status":"affected"},{"version":"4.0\\(4e\\)","status":"affected"},{"version":"4.0\\(4g\\)","status":"affected"},{"version":"3.2\\(3i\\)","status":"affected"},{"version":"4.0\\(2e\\)","status":"affected"},{"version":"3.2\\(3g\\)","status":"affected"},{"version":"4.0\\(4a\\)","status":"affected"},{"version":"4.0\\(2d\\)","status":"affected"},{"version":"3.2\\(2d\\)","status":"affected"},{"version":"4.0\\(1b\\)","status":"affected"},{"version":"4.0\\(4f\\)","status":"affected"},{"version":"3.2\\(3h\\)","status":"affected"},{"version":"3.2\\(2f\\)","status":"affected"},{"version":"4.0\\(4c\\)","status":"affected"},{"version":"3.2\\(3a\\)","status":"affected"},{"version":"4.0\\(1c\\)","status":"affected"},{"version":"3.2\\(3d\\)","status":"affected"},{"version":"3.2\\(2b\\)","status":"affected"},{"version":"4.0\\(4b\\)","status":"affected"},{"version":"3.2\\(2e\\)","status":"affected"},{"version":"4.0\\(2b\\)","status":"affected"},{"version":"4.0\\(4d\\)","status":"affected"},{"version":"3.2\\(1d\\)","status":"affected"},{"version":"3.2\\(3e\\)","status":"affected"},{"version":"3.2\\(3l\\)","status":"affected"},{"version":"3.2\\(3b\\)","status":"affected"},{"version":"4.0\\(2a\\)","status":"affected"},{"version":"3.2\\(3j\\)","status":"affected"},{"version":"4.0\\(1d\\)","status":"affected"},{"version":"3.2\\(3o\\)","status":"affected"},{"version":"4.0\\(4i\\)","status":"affected"},{"version":"4.1\\(1d\\)","status":"affected"},{"version":"4.1\\(2a\\)","status":"affected"},{"version":"4.1\\(1e\\)","status":"affected"},{"version":"3.2\\(3p\\)","status":"affected"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-11-18T18:39:09.926743Z","id":"CVE-2020-26062","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-11-18T18:46:04.617Z"}}]}}