How severe is CVE-2020-25705?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.4 out of 10.

What type of vulnerability is CVE-2020-25705?

This is classified as CWE-330, which is a common weakness in software security.

CVE-2020-25705

HIGH Year: 2020

CVSS v3 Score

7.4

High

CVSS v2 Score

5.8

Medium

Weakness Type

CWE-330

View all →

Vulnerability Description

A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Based Products (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU: Version

CVE-2017-17704

HIGH

CVSS:7.4(High)

A door-unlocking issue was discovered on Software House iStar Ultra devices through 6.5.2.20569 when used in conjunction with the IP-ACM Ethernet Door Module. The communications between the IP-ACM and...

CWE-3302017

CVE-2019-19135

HIGH

CVSS:7.4(High)

In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do not create sufficiently random numbers in OPCFoundation.NetStandard.Opc.Ua before 1.4.359.31, which allows man in the middle atta...

CWE-3302019

CVE-2020-11501

HIGH

CVSS:7.4(High)

GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' byt...

CWE-3302020

CVE-2021-20322

HIGH

CVSS:7.4(High)

A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw all...

CWE-3302021

CVE-2023-20185

HIGH

CVSS:7.4(High)

A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to read or modify intersi...

CWE-3302023

CVE-2008-0087

HIGH

CVSS:7.5(High)

The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.

CWE-3302008

CVE-2020-25705

Vulnerability Description

Related Vulnerabilities

CVE-2017-17704

CVE-2019-19135

CVE-2020-11501

CVE-2021-20322

CVE-2023-20185

CVE-2008-0087