How severe is CVE-2020-3163?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2020-3163?

This is classified as CWE-362, which is a common weakness in software security.

CVE-2020-3163 - MEDIUM Severity | CVSS 6.8

Vulnerability Description

A vulnerability in the Live Data server of Cisco Unified Contact Center Enterprise could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the affected software improperly manages resources when processing inbound Live Data traffic. An attacker could exploit this vulnerability by sending multiple crafted Live Data packets to an affected device. A successful exploit could cause the affected device to run out of buffer resources, which could result in a stack overflow and cause the affected device to reload, resulting in a DoS condition. Note: The Live Data port in Cisco Unified Contact Center Enterprise devices allows only a single TCP connection. To exploit this vulnerability, an attacker would have to send crafted packets to an affected device before a legitimate Live Data client establishes a connection.

Related Vulnerabilities

CVE-2016-10798

MEDIUM

CVSS:6.8(Medium)

cPanel before 58.0.4 allows a file-ownership change (to nobody) via rearrangeacct (SEC-134).

CWE-3622016

CVE-2018-12691

MEDIUM

CVSS:6.8(Medium)

Time-of-check to time-of-use (TOCTOU) race condition in org.onosproject.acl (aka the access control application) in ONOS v1.13 and earlier allows attackers to bypass network access control via data pl...

CWE-3622018

CVE-2021-20316

MEDIUM

CVSS:6.8(Medium)

A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of th...

CWE-3622021

CVE-2021-4203

MEDIUM

CVSS:6.8(Medium)

A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with...

CWE-3622021

CVE-2023-49706

MEDIUM

CVSS:6.8(Medium)

Defective request context handling in Self Service in LinOTP 3.x before 3.2.5 allows remote unauthenticated attackers to escalate privileges, thereby allowing them to act as and with the permissions o...

CWE-3622023

CVE-2024-24857

MEDIUM

CVSS:6.8(Medium)

A race condition was found in the Linux kernel's net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth conne...

CWE-3622024