{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2020-26063","assignerOrgId":"d1c1063e-7a18-46af-9102-31f8928bc633","state":"PUBLISHED","assignerShortName":"cisco","dateReserved":"2020-09-24T00:00:00.000Z","datePublished":"2024-11-18T16:05:53.165Z","dateUpdated":"2024-11-18T19:49:33.809Z"},"containers":{"cna":{"title":"Cisco Integrated Management Controller Software Authorization Bypass Vulnerability","metrics":[{"format":"cvssV3_1","cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/RL:X/RC:X/E:X","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"}}],"descriptions":[{"lang":"en","value":"A vulnerability in the API endpoints of Cisco Integrated Management Controller could allow an authenticated, remote attacker to bypass authorization and take actions on a vulnerable system without authorization.\r\nThe vulnerability is due to improper authorization checks on API endpoints. An attacker could exploit this vulnerability by sending malicious requests to an API endpoint. 
An exploit could allow the attacker to download files from or modify limited configuration options on the affected system. There are no workarounds that address this vulnerability."}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-zWkppJxL","name":"cisco-sa-cimc-auth-zWkppJxL"},{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vsoln-arbfile-gtsEYxns","name":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vsoln-arbfile-gtsEYxns"},{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-xss-zLW9tD3","name":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-xss-zLW9tD3"},{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanx3-vrZbOqqD","name":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanx3-vrZbOqqD"}],"exploits":[{"lang":"en","value":"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}],"source":{"advisory":"cisco-sa-cimc-auth-zWkppJxL","discovery":"EXTERNAL","defects":["CSCvv07287"]},"problemTypes":[{"descriptions":[{"lang":"en","description":"Improper Privilege Management","type":"cwe","cweId":"CWE-269"}]}],"affected":[{"vendor":"Cisco","product":"Cisco Unified Computing System 
(Managed)","versions":[{"version":"4.0(1a)","status":"affected"},{"version":"3.2(3n)","status":"affected"},{"version":"4.1(1a)","status":"affected"},{"version":"4.1(1b)","status":"affected"},{"version":"4.0(4h)","status":"affected"},{"version":"4.1(1c)","status":"affected"},{"version":"3.2(3k)","status":"affected"},{"version":"3.2(2c)","status":"affected"},{"version":"4.0(4e)","status":"affected"},{"version":"4.0(4g)","status":"affected"},{"version":"3.2(3i)","status":"affected"},{"version":"4.0(2e)","status":"affected"},{"version":"3.2(3g)","status":"affected"},{"version":"4.0(4a)","status":"affected"},{"version":"4.0(2d)","status":"affected"},{"version":"3.2(2d)","status":"affected"},{"version":"4.0(1b)","status":"affected"},{"version":"4.0(4f)","status":"affected"},{"version":"3.2(3h)","status":"affected"},{"version":"3.2(2f)","status":"affected"},{"version":"4.0(4c)","status":"affected"},{"version":"3.2(3a)","status":"affected"},{"version":"4.0(1c)","status":"affected"},{"version":"3.2(3d)","status":"affected"},{"version":"3.2(2b)","status":"affected"},{"version":"4.0(4b)","status":"affected"},{"version":"3.2(2e)","status":"affected"},{"version":"4.0(2b)","status":"affected"},{"version":"4.0(4d)","status":"affected"},{"version":"3.2(1d)","status":"affected"},{"version":"3.2(3e)","status":"affected"},{"version":"3.2(3l)","status":"affected"},{"version":"3.2(3b)","status":"affected"},{"version":"4.0(2a)","status":"affected"},{"version":"3.2(3j)","status":"affected"},{"version":"4.0(1d)","status":"affected"},{"version":"3.2(3o)","status":"affected"},{"version":"4.0(4i)","status":"affected"},{"version":"4.1(1d)","status":"affected"},{"version":"4.1(2a)","status":"affected"},{"version":"4.1(1e)","status":"affected"},{"version":"3.2(3p)","status":"affected"},{"version":"4.1(2b)","status":"affected"}],"defaultStatus":"unknown"}],"providerMetadata":{"orgId":"d1c1063e-7a18-46af-9102-31f8928bc633","shortName":"cisco","dateUpdated":"2024-11-18T16:05:53.165Z"}},"adp":[{"aff
ected":[{"vendor":"cisco","product":"unified_computing_system","cpes":["cpe:2.3:a:cisco:unified_computing_system:4.0\\(1a\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:3.2\\(3n\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:4.1\\(1a\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:4.1\\(1b\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:4.0\\(4h\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:4.1\\(1c\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:3.2\\(3k\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:3.2\\(2c\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:4.0\\(4e\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:4.0\\(4g\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:3.2\\(3i\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:4.0\\(2e\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:3.2\\(3g\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:4.0\\(4a\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:4.0\\(2d\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:3.2\\(2d\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:4.0\\(1b\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:4.0\\(4f\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:3.2\\(3h\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:3.2\\(2f\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:4.0\\(4c\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:3.2\\(3a\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:4.0\\(1c\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:3.2\\(3d\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:3.2\\(2b\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:4.0\\(4b\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:3.2\\(2e\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:4.0\\(2b\\):*:*:*:*:*:*:
*","cpe:2.3:a:cisco:unified_computing_system:4.0\\(4d\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:3.2\\(1d\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:3.2\\(3e\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:3.2\\(3l\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:3.2\\(3b\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:4.0\\(2a\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:3.2\\(3j\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:4.0\\(1d\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:3.2\\(3o\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:4.0\\(4i\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:4.1\\(1d\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:4.1\\(2a\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:4.1\\(1e\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:3.2\\(3p\\):*:*:*:*:*:*:*","cpe:2.3:a:cisco:unified_computing_system:4.1\\(2b\\):*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"4.0\\(1a\\)","status":"affected"},{"version":"3.2\\(3n\\)","status":"affected"},{"version":"4.1\\(1a\\)","status":"affected"},{"version":"4.1\\(1b\\)","status":"affected"},{"version":"4.0\\(4h\\)","status":"affected"},{"version":"4.1\\(1c\\)","status":"affected"},{"version":"3.2\\(3k\\)","status":"affected"},{"version":"3.2\\(2c\\)","status":"affected"},{"version":"4.0\\(4e\\)","status":"affected"},{"version":"4.0\\(4g\\)","status":"affected"},{"version":"3.2\\(3i\\)","status":"affected"},{"version":"4.0\\(2e\\)","status":"affected"},{"version":"3.2\\(3g\\)","status":"affected"},{"version":"4.0\\(4a\\)","status":"affected"},{"version":"4.0\\(2d\\)","status":"affected"},{"version":"3.2\\(2d\\)","status":"affected"},{"version":"4.0\\(1b\\)","status":"affected"},{"version":"4.0\\(4f\\)","status":"affected"},{"version":"3.2\\(3h\\)","status":"affected"},{"version":"3.2\\(2f\\)","status":"affected"},{"v
ersion":"4.0\\(4c\\)","status":"affected"},{"version":"3.2\\(3a\\)","status":"affected"},{"version":"4.0\\(1c\\)","status":"affected"},{"version":"3.2\\(3d\\)","status":"affected"},{"version":"3.2\\(2b\\)","status":"affected"},{"version":"4.0\\(4b\\)","status":"affected"},{"version":"3.2\\(2e\\)","status":"affected"},{"version":"4.0\\(2b\\)","status":"affected"},{"version":"4.0\\(4d\\)","status":"affected"},{"version":"3.2\\(1d\\)","status":"affected"},{"version":"3.2\\(3e\\)","status":"affected"},{"version":"3.2\\(3l\\)","status":"affected"},{"version":"3.2\\(3b\\)","status":"affected"},{"version":"4.0\\(2a\\)","status":"affected"},{"version":"3.2\\(3j\\)","status":"affected"},{"version":"4.0\\(1d\\)","status":"affected"},{"version":"3.2\\(3o\\)","status":"affected"},{"version":"4.0\\(4i\\)","status":"affected"},{"version":"4.1\\(1d\\)","status":"affected"},{"version":"4.1\\(2a\\)","status":"affected"},{"version":"4.1\\(1e\\)","status":"affected"},{"version":"3.2\\(3p\\)","status":"affected"},{"version":"4.1\\(2b\\)","status":"affected"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-11-18T19:49:29.299678Z","id":"CVE-2020-26063","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-11-18T19:49:33.809Z"}}]}}