How severe is CVE-2020-3426?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2020-3426?

This is classified as CWE-264, which is a common weakness in software security.

CVE-2020-3426

CRITICAL Year: 2020

CVSS v3 Score

9.1

Critical

CVSS v2 Score

6.4

Medium

Weakness Type

CWE-264

View all →

Vulnerability Description

A vulnerability in the implementation of the Low Power, Wide Area (LPWA) subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data or cause a denial of service (DoS) condition. The vulnerability is due to a lack of input and validation checking mechanisms for virtual-LPWA (VLPWA) protocol modem messages. An attacker could exploit this vulnerability by supplying crafted packets to an affected device. A successful exploit could allow the attacker to gain unauthorized read access to sensitive data or cause the VLPWA interface of the affected device to shut down, resulting in DoS condition.

CVE-2014-5415

CRITICAL

CVSS:9.1(Critical)

Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Too...

CWE-2642014

CVE-2015-8753

CRITICAL

CVSS:9.1(Critical)

SAP Afaria 7.0.6001.5 allows remote attackers to bypass authorization checks and wipe or lock mobile devices via a crafted request, related to "Insecure signature," aka SAP Security Note 2134905.

CWE-2642015

CVE-2016-3065

CRITICAL

CVSS:9.1(Critical)

The (1) brin_page_type and (2) brin_metapage_info functions in the pageinspect extension in PostgreSQL before 9.5.x before 9.5.2 allows attackers to bypass intended access restrictions and consequentl...

CWE-2642016

CVE-2016-6394

CRITICAL

CVSS:9.1(Critical)

Session fixation vulnerability in Cisco Firepower Management Center and Cisco FireSIGHT System Software through 6.1.0 allows remote attackers to hijack web sessions via a session identifier, aka Bug I...

CWE-2642016

CVE-2016-7435

CRITICAL

CVSS:9.1(Critical)

The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and (3) SCTC_TMS_MAINTAIN_ALOG functions in the SCTC subpackage in SAP Netweaver 7.40 SP 12 allow remote authenticated users with cert...

CWE-2642016

CVE-2016-8649

CRITICAL

CVSS:9.1(Critical)

lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host's /proc, to access the rest of the host's fi...

CWE-2642016

CVE-2020-3426

Vulnerability Description

Related Vulnerabilities

CVE-2014-5415

CVE-2015-8753

CVE-2016-3065

CVE-2016-6394

CVE-2016-7435

CVE-2016-8649