CVE-2024-20388

MEDIUM Year: 2024
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-202
View all →

Vulnerability Description

A vulnerability in the password change feature of Cisco Firepower Management Center (FMC) software could allow an unauthenticated, remote attacker to determine valid user names on an affected device. This vulnerability is due to improper authentication of password update responses. An attacker could exploit this vulnerability by forcing a password reset on an affected device. A successful exploit could allow the attacker to determine valid user names in the unauthenticated response to a forced password reset.

Related Vulnerabilities

CVE-2023-20215

MEDIUM
CVSS:5.3(Medium)

A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass a configured rule, allowing traffic onto a ne...

CWE-2022023

CVE-2024-38895

MEDIUM
CVSS:5.3(Medium)

WAVLINK WN551K1'live_mfg.shtml enables attackers to obtain sensitive router information.

CWE-2022024

CVE-2024-38897

MEDIUM
CVSS:5.3(Medium)

WAVLINK WN551K1'live_check.shtml enables attackers to obtain sensitive router information.

CWE-2022024

CVE-2021-1372

MEDIUM
CVSS:5.5(Medium)

A vulnerability in Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system....

CWE-2022021

CVE-2023-1625

MEDIUM
CVSS:5.0(Medium)

An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. ...

CWE-2022023

CVE-2021-4159

MEDIUM
CVSS:4.4(Medium)

A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to...

CWE-2022021