CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS
Percentile
53.0%
A vulnerability in the Intelligent Platform Management Interface (IPMI) of the Cisco Unified Computing System Blade Management Controller could allow an unauthenticated, remote attacker to discover valid usernames.
The vulnerability is due to a requirement defined in the IPMI specification. An attacker could exploit this vulnerability by enumerating a list of usernames. A successful exploit could allow the attacker to determine valid usernames based on the responses provided by the IPMI interface.
Cisco has confirmed the vulnerability in a security notice; however, software updates are not available.
Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | unified_computing_system | any | cpe:2.3:h:cisco:unified_computing_system:any:*:*:*:*:*:*:* |