How severe is CVE-2020-3222?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2020-3222?

This is classified as CWE-17, which is a common weakness in software security.

CVE-2020-3222 - MEDIUM Severity | CVSS 4.3

Vulnerability Description

A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to bypass access control restrictions on an affected device. The vulnerability is due to the presence of a proxy service at a specific endpoint of the web UI. An attacker could exploit this vulnerability by connecting to the proxy service. An exploit could allow the attacker to bypass access restrictions on the network by proxying their access request through the management network of the affected device. As the proxy is reached over the management virtual routing and forwarding (VRF), this could reduce the effectiveness of the bypass.

Related Vulnerabilities

CVE-2016-1640

MEDIUM

CVSS:4.3(Medium)

The Web Store inline-installer implementation in the Extensions UI in Google Chrome before 49.0.2623.75 does not block installations upon deletion of an installation frame, which makes it easier for r...

CWE-172016

CVE-2016-1943

MEDIUM

CVSS:4.7(Medium)

Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via the scrollTo method.

CWE-172016

CVE-2016-2314

MEDIUM

CVSS:4.9(Medium)

GlobespanVirata ftpd 1.0, as used on Huawei SmartAX MT882 devices V200R002B022 Arg, allows remote authenticated users to cause a denial of service (device outage) by using the FTP MKD command to creat...

CWE-172016

CVE-2015-4941

MEDIUM

CVSS:5.3(Medium)

IBM WebSphere MQ Light 1.x before 1.0.2 mishandles abbreviated TLS handshakes, which allows remote attackers to cause a denial of service (MQXR service crash) via unspecified vectors.

CWE-172015

CVE-2015-4943

MEDIUM

CVSS:5.3(Medium)

IBM WebSphere MQ Light 1.x before 1.0.2 allows remote attackers to cause a denial of service (MQXR service crash) via a series of connect and disconnect actions, a different vulnerability than CVE-201...

CWE-172015

CVE-2016-1940

MEDIUM

CVSS:5.3(Medium)

Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via a data: URL that is mishandled during (1) shortcut opening or (2) BOOKMARK intent processing.

CWE-172016