PT-2020-4665 · Cisco · Cisco Integrated Management Controller

Leonidas Tsaousis +1 · Published 2020-11-04 · Updated 2024-11-18 · CVE-2020-26063

CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Cisco Integrated Management Controller (affected versions not specified)

Description

A vulnerability in the API endpoints of Cisco Integrated Management Controller could allow an authenticated, remote attacker to bypass authorization and take actions on a vulnerable system without authorization. The issue is due to improper authorization checks on API endpoints, allowing an attacker to send malicious requests to an API endpoint. This could enable the attacker to download files from or modify limited configuration options on the affected system. Additionally, the vulnerability may allow a remote attacker to determine all existing usernames.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Privilege Management

Related Identifiers

BDU:2020-05217
CVE-2020-26063

Affected Products

Cisco Integrated Management Controller