Thomas Large

**Name of the Vulnerable Software and Affected Versions** Cisco Integrated Management Controller (affected versions not specified) **Description** The issue is related to information disclosure through inconsistency. It may allow a remote attacker to determine all existing usernames. The vulnerability is due to differences in authentication responses sent back from the application as part of an authentication attempt. An attacker could exploit this by sending authentication requests to the affected application, potentially confirming the names of administrative user accounts for use in further attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Integrated Management Controller (affected versions not specified) **Description** A vulnerability in the API endpoints of Cisco Integrated Management Controller could allow an authenticated, remote attacker to bypass authorization and take actions on a vulnerable system without authorization. The issue is due to improper authorization checks on API endpoints, allowing an attacker to send malicious requests to an API endpoint. This could enable the attacker to download files from or modify limited configuration options on the affected system. Additionally, the vulnerability may allow a remote attacker to determine all existing usernames. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.