How severe is CVE-2020-26070?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.6 out of 10.

What type of vulnerability is CVE-2020-26070?

This is classified as CWE-404, which is a common weakness in software security.

CVE-2020-26070

HIGH Year: 2020

CVSS v3 Score

8.6

High

CVSS v2 Score

7.8

High

Weakness Type

CWE-404

View all →

Vulnerability Description

A vulnerability in the ingress packet processing function of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper resource allocation when an affected device processes network traffic in software switching mode (punted). An attacker could exploit this vulnerability by sending specific streams of Layer 2 or Layer 3 protocol data units (PDUs) to an affected device. A successful exploit could cause the affected device to run out of buffer resources, which could make the device unable to process or forward traffic, resulting in a DoS condition. The device would need to be restarted to regain functionality.

CVE-2017-1145

HIGH

CVSS:8.6(High)

IBM WebSphere MQ 8.0.0.6 does not properly terminate channel agents when they are no longer needed, which could allow a user to cause a denial of service through resource exhaustion. IBM Reference #: ...

CWE-4042017

CVE-2019-1706

HIGH

CVSS:8.6(High)

A vulnerability in the software cryptography module of the Cisco Adaptive Security Virtual Appliance (ASAv) and Firepower 2100 Series running Cisco Adaptive Security Appliance (ASA) Software could all...

CWE-4042019

CVE-2019-1708

HIGH

CVSS:8.6(High)

A vulnerability in the Internet Key Exchange Version 2 Mobility and Multihoming Protocol (MOBIKE) feature for the Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (F...

CWE-4042019

CVE-2022-25762

HIGH

CVSS:8.6(High)

If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that...

CWE-4042022

CVE-2023-20042

HIGH

CVSS:8.6(High)

A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker ...

CWE-4042023

CVE-2018-8450

HIGH

CVSS:8.8(High)

A remote code execution vulnerability exists when Windows Search handles objects in memory, aka "Windows Search Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Wi...

CWE-4042018

CVE-2020-26070

Vulnerability Description

Related Vulnerabilities

CVE-2017-1145

CVE-2019-1706

CVE-2019-1708

CVE-2022-25762

CVE-2023-20042

CVE-2018-8450