CVE-2022-20633
Cisco Enterprise Chat and Email Username Enumeration Vulnerability
Severity Score
5.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Attend
*SSVC
Descriptions
A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to perform a username enumeration attack against an affected device.
This vulnerability is due to differences in authentication responses that are sent back from the application as part of an authentication attempt. An attacker could exploit this vulnerability by sending authentication requests to an affected device. A successful exploit could allow the attacker to confirm existing user accounts, which could be used in further attacks.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-11-02 CVE Reserved
- 2024-11-15 CVE Published
- 2024-11-15 CVE Updated
- 2024-11-16 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-204: Observable Response Discrepancy
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-multivulns-kbK2yVhR |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Cisco Enterprise Chat And Email Search vendor "Cisco" for product "Cisco Enterprise Chat And Email" | 12.5 Search vendor "Cisco" for product "Cisco Enterprise Chat And Email" and version "12.5" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Enterprise Chat And Email Search vendor "Cisco" for product "Cisco Enterprise Chat And Email" | 12.0 Search vendor "Cisco" for product "Cisco Enterprise Chat And Email" and version "12.0" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Enterprise Chat And Email Search vendor "Cisco" for product "Cisco Enterprise Chat And Email" | 12.6 Search vendor "Cisco" for product "Cisco Enterprise Chat And Email" and version "12.6" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Enterprise Chat And Email Search vendor "Cisco" for product "Cisco Enterprise Chat And Email" | 11.5 Search vendor "Cisco" for product "Cisco Enterprise Chat And Email" and version "11.5" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Enterprise Chat And Email Search vendor "Cisco" for product "Cisco Enterprise Chat And Email" | 11.6 Search vendor "Cisco" for product "Cisco Enterprise Chat And Email" and version "11.6" | en |
Affected
| ||||||