How severe is CVE-2020-27121?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2020-27121?

This is classified as CWE-248, which is a common weakness in software security.

CVE-2020-27121 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

A vulnerability in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) Software could allow an authenticated, remote attacker to cause the Cisco XCP Authentication Service on an affected device to restart, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of login requests. An attacker could exploit this vulnerability by sending a crafted client login request to an affected device. A successful exploit could allow the attacker to cause a process to crash, resulting in a DoS condition for new login attempts. Users who are authenticated at the time of the attack would not be affected. There are workarounds that address this vulnerability.

Related Vulnerabilities

CVE-2019-7474

MEDIUM

CVSS:6.5(Medium)

A vulnerability in SonicWall SonicOS and SonicOSv, allow authenticated read-only admin to leave the firewall in an unstable state by downloading certificate with specific extension. This vulnerability...

CWE-2482019

CVE-2021-36802

MEDIUM

CVSS:6.5(Medium)

Akaunting version 2.1.12 and earlier suffers from a denial-of-service issue that is triggered by setting a malformed 'locale' variable and sending it in an otherwise normal HTTP POST request. This iss...

CWE-2482021

CVE-2022-20761

MEDIUM

CVSS:6.5(Medium)

A vulnerability in the integrated wireless access point (AP) packet processing of the Cisco 1000 Series Connected Grid Router (CGR1K) could allow an unauthenticated, adjacent attacker to cause a denia...

CWE-2482022

CVE-2022-41940

MEDIUM

CVSS:6.5(Medium)

Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on th...

CWE-2482022

CVE-2023-22290

MEDIUM

CVSS:6.5(Medium)

Uncaught exception for some Intel Unison software may allow an authenticated user to potentially enable denial of service via network access.

CWE-2482023

CVE-2023-25526

MEDIUM

CVSS:6.5(Medium)

NVIDIA Cumulus Linux contains a vulnerability in neighmgrd and nlmanager where an attacker on an adjacent network may cause an uncaught exception by injecting a crafted packet. A successful exploit ma...

CWE-2482023