CVE-2022-20633

Name of the Vulnerable Software and Affected Versions Cisco ECE (affected versions not specified)

Description A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to perform a username enumeration attack against an affected device. This is due to differences in authentication responses sent back from the application as part of an authentication attempt. An attacker could exploit this by sending authentication requests to an affected device, potentially confirming existing user accounts for use in further attacks.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.