github - ghsa-m96v-gj29-hf2q

ghsa-m96v-gj29-hf2q

Vulnerability from github

Published

2024-11-18 18:30

Modified

2024-11-18 18:30

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

A vulnerability in Cisco Integrated Management Controller could allow an unauthenticated, remote attacker to enumerate valid usernames within the vulnerable application. The vulnerability is due to differences in authentication responses sent back from the application as part of an authentication attempt. An attacker could exploit this vulnerability by sending authentication requests to the affected application. A successful exploit could allow the attacker to confirm the names of administrative user accounts for use in further attacks.There are no workarounds that address this vulnerability.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-26062"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-18T16:15:05Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in Cisco\u0026nbsp;Integrated Management Controller could allow an unauthenticated, remote attacker to enumerate valid usernames within the vulnerable application.\nThe vulnerability is due to differences in authentication responses sent back from the application as part of an authentication attempt. An attacker could exploit this vulnerability by sending authentication requests to the affected application. A successful exploit could allow the attacker to confirm the names of administrative user accounts for use in further attacks.There are no workarounds that address this vulnerability.",
  "id": "GHSA-m96v-gj29-hf2q",
  "modified": "2024-11-18T18:30:55Z",
  "published": "2024-11-18T18:30:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26062"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-zWkppJxL"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-enum-CyheP3B7"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanx3-vrZbOqqD"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vsoln-arbfile-gtsEYxns"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-xss-zLW9tD3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

cve-2020-26062

Vulnerability from cvelistv5

Published

2024-11-18 16:06

Modified

2024-11-18 18:46

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

Cisco Integrated Management Controller Username Enumeration Vulnerability

References

▼	URL	Tags
	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-enum-CyheP3B7
	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vsoln-arbfile-gtsEYxns
	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-xss-zLW9tD3
	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanx3-vrZbOqqD
	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-zWkppJxL

Impacted products

▼	Vendor	Product
	Cisco	Cisco Unified Computing System (Managed)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cisco:unified_computing_system:4.0\\(1a\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:3.2\\(3n\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:4.1\\(1a\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:4.1\\(1b\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:4.0\\(4h\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:4.1\\(1c\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:3.2\\(3k\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:3.2\\(2c\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:4.0\\(4e\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:4.0\\(4g\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:3.2\\(3i\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:4.0\\(2e\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:3.2\\(3g\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:4.0\\(4a\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:4.0\\(2d\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:3.2\\(2d\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:4.0\\(1b\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:4.0\\(4f\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:3.2\\(3h\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:3.2\\(2f\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:4.0\\(4c\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:3.2\\(3a\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:4.0\\(1c\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:3.2\\(3d\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:3.2\\(2b\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:4.0\\(4b\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:3.2\\(2e\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:4.0\\(2b\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:4.0\\(4d\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:3.2\\(1d\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:3.2\\(3e\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:3.2\\(3l\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:3.2\\(3b\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:4.0\\(2a\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:3.2\\(3j\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:4.0\\(1d\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:3.2\\(3o\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:4.0\\(4i\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:4.1\\(1d\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:4.1\\(2a\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:4.1\\(1e\\):*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:unified_computing_system:3.2\\(3p\\):*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "unified_computing_system",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "4.0\\(1a\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(3n\\)"
              },
              {
                "status": "affected",
                "version": "4.1\\(1a\\)"
              },
              {
                "status": "affected",
                "version": "4.1\\(1b\\)"
              },
              {
                "status": "affected",
                "version": "4.0\\(4h\\)"
              },
              {
                "status": "affected",
                "version": "4.1\\(1c\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(3k\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(2c\\)"
              },
              {
                "status": "affected",
                "version": "4.0\\(4e\\)"
              },
              {
                "status": "affected",
                "version": "4.0\\(4g\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(3i\\)"
              },
              {
                "status": "affected",
                "version": "4.0\\(2e\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(3g\\)"
              },
              {
                "status": "affected",
                "version": "4.0\\(4a\\)"
              },
              {
                "status": "affected",
                "version": "4.0\\(2d\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(2d\\)"
              },
              {
                "status": "affected",
                "version": "4.0\\(1b\\)"
              },
              {
                "status": "affected",
                "version": "4.0\\(4f\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(3h\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(2f\\)"
              },
              {
                "status": "affected",
                "version": "4.0\\(4c\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(3a\\)"
              },
              {
                "status": "affected",
                "version": "4.0\\(1c\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(3d\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(2b\\)"
              },
              {
                "status": "affected",
                "version": "4.0\\(4b\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(2e\\)"
              },
              {
                "status": "affected",
                "version": "4.0\\(2b\\)"
              },
              {
                "status": "affected",
                "version": "4.0\\(4d\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(1d\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(3e\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(3l\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(3b\\)"
              },
              {
                "status": "affected",
                "version": "4.0\\(2a\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(3j\\)"
              },
              {
                "status": "affected",
                "version": "4.0\\(1d\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(3o\\)"
              },
              {
                "status": "affected",
                "version": "4.0\\(4i\\)"
              },
              {
                "status": "affected",
                "version": "4.1\\(1d\\)"
              },
              {
                "status": "affected",
                "version": "4.1\\(2a\\)"
              },
              {
                "status": "affected",
                "version": "4.1\\(1e\\)"
              },
              {
                "status": "affected",
                "version": "3.2\\(3p\\)"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-26062",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-18T18:39:09.926743Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-18T18:46:04.617Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Unified Computing System (Managed)",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "4.0(1a)"
            },
            {
              "status": "affected",
              "version": "3.2(3n)"
            },
            {
              "status": "affected",
              "version": "4.1(1a)"
            },
            {
              "status": "affected",
              "version": "4.1(1b)"
            },
            {
              "status": "affected",
              "version": "4.0(4h)"
            },
            {
              "status": "affected",
              "version": "4.1(1c)"
            },
            {
              "status": "affected",
              "version": "3.2(3k)"
            },
            {
              "status": "affected",
              "version": "3.2(2c)"
            },
            {
              "status": "affected",
              "version": "4.0(4e)"
            },
            {
              "status": "affected",
              "version": "4.0(4g)"
            },
            {
              "status": "affected",
              "version": "3.2(3i)"
            },
            {
              "status": "affected",
              "version": "4.0(2e)"
            },
            {
              "status": "affected",
              "version": "3.2(3g)"
            },
            {
              "status": "affected",
              "version": "4.0(4a)"
            },
            {
              "status": "affected",
              "version": "4.0(2d)"
            },
            {
              "status": "affected",
              "version": "3.2(2d)"
            },
            {
              "status": "affected",
              "version": "4.0(1b)"
            },
            {
              "status": "affected",
              "version": "4.0(4f)"
            },
            {
              "status": "affected",
              "version": "3.2(3h)"
            },
            {
              "status": "affected",
              "version": "3.2(2f)"
            },
            {
              "status": "affected",
              "version": "4.0(4c)"
            },
            {
              "status": "affected",
              "version": "3.2(3a)"
            },
            {
              "status": "affected",
              "version": "4.0(1c)"
            },
            {
              "status": "affected",
              "version": "3.2(3d)"
            },
            {
              "status": "affected",
              "version": "3.2(2b)"
            },
            {
              "status": "affected",
              "version": "4.0(4b)"
            },
            {
              "status": "affected",
              "version": "3.2(2e)"
            },
            {
              "status": "affected",
              "version": "4.0(2b)"
            },
            {
              "status": "affected",
              "version": "4.0(4d)"
            },
            {
              "status": "affected",
              "version": "3.2(1d)"
            },
            {
              "status": "affected",
              "version": "3.2(3e)"
            },
            {
              "status": "affected",
              "version": "3.2(3l)"
            },
            {
              "status": "affected",
              "version": "3.2(3b)"
            },
            {
              "status": "affected",
              "version": "4.0(2a)"
            },
            {
              "status": "affected",
              "version": "3.2(3j)"
            },
            {
              "status": "affected",
              "version": "4.0(1d)"
            },
            {
              "status": "affected",
              "version": "3.2(3o)"
            },
            {
              "status": "affected",
              "version": "4.0(4i)"
            },
            {
              "status": "affected",
              "version": "4.1(1d)"
            },
            {
              "status": "affected",
              "version": "4.1(2a)"
            },
            {
              "status": "affected",
              "version": "4.1(1e)"
            },
            {
              "status": "affected",
              "version": "3.2(3p)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Cisco\u0026nbsp;Integrated Management Controller could allow an unauthenticated, remote attacker to enumerate valid usernames within the vulnerable application.\r\nThe vulnerability is due to differences in authentication responses sent back from the application as part of an authentication attempt. An attacker could exploit this vulnerability by sending authentication requests to the affected application. A successful exploit could allow the attacker to confirm the names of administrative user accounts for use in further attacks.There are no workarounds that address this vulnerability."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco\u00a0Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/RL:X/RC:X/E:X",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-203",
              "description": "Observable Discrepancy",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-18T16:06:00.592Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-cimc-enum-CyheP3B7",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-enum-CyheP3B7"
        },
        {
          "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vsoln-arbfile-gtsEYxns",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vsoln-arbfile-gtsEYxns"
        },
        {
          "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-xss-zLW9tD3",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-xss-zLW9tD3"
        },
        {
          "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanx3-vrZbOqqD",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanx3-vrZbOqqD"
        },
        {
          "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-zWkppJxL",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-zWkppJxL"
        }
      ],
      "source": {
        "advisory": "cisco-sa-cimc-enum-CyheP3B7",
        "defects": [
          "CSCvv07275"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Cisco Integrated Management Controller Username Enumeration Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2020-26062",
    "datePublished": "2024-11-18T16:06:00.592Z",
    "dateReserved": "2020-09-24T00:00:00.000Z",
    "dateUpdated": "2024-11-18T18:46:04.617Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted