How severe is CVE-2020-17388?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2020-17388?

This is classified as CWE-749, which is a common weakness in software security.

CVE-2020-17388

HIGH Year: 2020

CVSS v3 Score

8.8

High

CVSS v2 Score

9.0

Critical

Weakness Type

CWE-749

View all →

Vulnerability Description

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Tomcat configuration file. The issue results from the lack of proper restriction to the Tomcat admin console. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10799.

CVE-2019-10918

HIGH

CVSS:8.8(High)

A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with ...

CWE-7492019

CVE-2021-34996

HIGH

CVSS:8.8(High)

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the ex...

CWE-7492021

CVE-2023-3612

HIGH

CVSS:8.8(High)

Govee Home app has unprotected access to WebView component which can be opened by any app on the device. By sending an URL to a specially crafted site, the attacker can execute JavaScript in context o...

CWE-7492023

CVE-2023-51584

HIGH

CVSS:8.8(High)

Voltronic Power ViewPower USBCommEx shutdown Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installation...

CWE-7492023

CVE-2024-5298

HIGH

CVSS:8.8(High)

D-Link D-View queryDeviceCustomMonitorResult Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installation...

CWE-7492024

CVE-2024-5299

HIGH

CVSS:8.8(High)

D-Link D-View execMonitorScript Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D...

CWE-7492024

CVE-2020-17388

Vulnerability Description

Related Vulnerabilities

CVE-2019-10918

CVE-2021-34996

CVE-2023-3612

CVE-2023-51584

CVE-2024-5298

CVE-2024-5299