CVE-2020-26062: A vulnerability in Cisco Integrated Management Controller could allow an unauthenticated, remote attacker to enumerate valid usernames within the...

Description

A vulnerability in Cisco Integrated Management Controller could allow an unauthenticated, remote attacker to enumerate valid usernames within the vulnerable application. The vulnerability is due to differences in authentication responses sent back from the application as part of an authentication attempt. An attacker could exploit this vulnerability by sending authentication requests to the affected application. A successful exploit could allow the attacker to confirm the names of administrative user accounts for use in further attacks.There are no workarounds that address this vulnerability.

Metrics

CVSS 3.1

5.3/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS Probability

0.82%

52.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-203

Affected Software

Vendor	Product	Versions
Cisco	Unified Computing System	3.2\(1d\)
Cisco	Unified Computing System	3.2\(2b\)
Cisco	Unified Computing System	3.2\(2c\)
Cisco	Unified Computing System	3.2\(2d\)
Cisco	Unified Computing System	3.2\(2e\)
Cisco	Unified Computing System	3.2\(2f\)
Cisco	Unified Computing System	3.2\(3a\)
Cisco	Unified Computing System	3.2\(3b\)
Cisco	Unified Computing System	3.2\(3d\)
Cisco	Unified Computing System	3.2\(3e\)
Cisco	Unified Computing System	3.2\(3g\)
Cisco	Unified Computing System	3.2\(3h\)
Cisco	Unified Computing System	3.2\(3i\)
Cisco	Unified Computing System	3.2\(3j\)
Cisco	Unified Computing System	3.2\(3k\)
Cisco	Unified Computing System	3.2\(3l\)
Cisco	Unified Computing System	3.2\(3n\)
Cisco	Unified Computing System	3.2\(3o\)
Cisco	Unified Computing System	3.2\(3p\)
Cisco	Unified Computing System	4.0\(1a\)
Cisco	Unified Computing System	4.0\(1b\)
Cisco	Unified Computing System	4.0\(1c\)
Cisco	Unified Computing System	4.0\(1d\)
Cisco	Unified Computing System	4.0\(2a\)
Cisco	Unified Computing System	4.0\(2b\)
Cisco	Unified Computing System	4.0\(2d\)
Cisco	Unified Computing System	4.0\(2e\)
Cisco	Unified Computing System	4.0\(4a\)
Cisco	Unified Computing System	4.0\(4b\)
Cisco	Unified Computing System	4.0\(4c\)
Cisco	Unified Computing System	4.0\(4d\)
Cisco	Unified Computing System	4.0\(4e\)
Cisco	Unified Computing System	4.0\(4f\)
Cisco	Unified Computing System	4.0\(4g\)
Cisco	Unified Computing System	4.0\(4h\)
Cisco	Unified Computing System	4.0\(4i\)
Cisco	Unified Computing System	4.1\(1a\)
Cisco	Unified Computing System	4.1\(1b\)
Cisco	Unified Computing System	4.1\(1c\)
Cisco	Unified Computing System	4.1\(1d\)
Cisco	Unified Computing System	4.1\(1e\)
Cisco	Unified Computing System	4.1\(2a\)

References

Timeline

Published: Nov 18, 2024
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2020-26062?

A vulnerability in Cisco Integrated Management Controller could allow an unauthenticated, remote attacker to enumerate valid usernames within the vulnerable application. The vulnerability is due to differences in authentication responses sent back from the application as part of an authentication attempt. An attacker could exploit this vulnerability by sending authentication requests to the affected application. A successful exploit could allow the attacker to confirm the names of administrative user accounts for use in further attacks.There are no workarounds that address this vulnerability.

How severe is CVE-2020-26062?

CVE-2020-26062 has a CVSS score of 5.3/10 (MEDIUM severity). The EPSS model estimates a 0.82% probability of exploitation in the next 30 days.

How do I fix CVE-2020-26062?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.