Cisco Integrated Management Controller Vulnerability Allows Unauthorized Actions

CVE-2020-26063

5.4MEDIUM

Key Information

Vendor: Cisco
Status: Cisco Unified Computing System (managed)
Vendor: CVE Published:; 18 November 2024

Summary

A vulnerability in the API endpoints of Cisco Integrated Management Controller could allow an authenticated, remote attacker to bypass authorization and take actions on a vulnerable system without authorization. The vulnerability is due to improper authorization checks on API endpoints. An attacker could exploit this vulnerability by sending malicious requests to an API endpoint. An exploit could allow the attacker to download files from or modify limited configuration options on the affected system.There are no workarounds that address this vulnerability.

Affected Version(s)

Cisco Unified Computing System (Managed) = 4.0(1a)

Cisco Unified Computing System (Managed) = 3.2(3n)

Cisco Unified Computing System (Managed) = 4.1(1a)

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 18, 2024
Vulnerability Reserved
Sep 24, 2020

Collectors

NVD DatabaseMitre Database