How severe is CVE-2020-7131?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9 out of 10.

What type of vulnerability is CVE-2020-7131?

This is classified as CWE-787, which is a common weakness in software security.

CVE-2020-7131

CRITICAL Year: 2020

CVSS v3 Score

9.0

Critical

CVSS v2 Score

9.0

Critical

Weakness Type

CWE-787

View all →

Vulnerability Description

This document describes a security vulnerability in Blade Maintenance Entity, Integrated Maintenance Entity and Maintenance Entity products. All J/H-series NonStop systems have a security vulnerability associated with an open UDP port 17185 on the Maintenance LAN which could result in information disclosure, denial-of-service attacks or local memory corruption against the affected system and a complete control of the system may also be possible. This vulnerability exists only if one gains access to the Maintenance LAN to which Blade Maintenance Entity, Integrated Maintenance Entity or Maintenance Entity product is connected. **Workaround:** Block the UDP port 17185(In the Maintenance LAN Network Switch/Firewall). Fix: Install following SPRs, which are already available: * T1805A01^AAI (Integrated Maintenance Entity) * T4805A01^AAZ (Blade Maintenance Entity). These SPRs are also usable with the following RVUs: * J06.19.00 ? J06.23.01. No fix planned for the following RVUs: J06.04.00 ? J06.18.01. No fix planned for H-Series NonStop systems. No fix planned for the product T2805 (Maintenance Entity).

CVE-2017-2867

CRITICAL

CVSS:9.0(Critical)

An exploitable code execution vulnerability exists in the SavePatientMontage functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting i...

CWE-7872017

CVE-2021-29665

CRITICAL

CVSS:9.0(Critical)

IBM Security Verify Access 20.07 is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with elev...

CWE-7872021

CVE-2024-55884

CRITICAL

CVSS:9.0(Critical)

In the Mullvad VPN client 2024.6 (Desktop), 2024.8 (iOS), and 2024.8-beta1 (Android), the exception-handling alternate stack can be exhausted, leading to heap-based out-of-bounds writes in enable() in...

CWE-7872024

CVE-2017-2615

CRITICAL

CVSS:9.1(Critical)

Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A pri...

CWE-7872017

CVE-2019-5541

CRITICAL

CVSS:9.1(Critical)

VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain an out-of-bounds write vulnerability in the e1000e virtual network adapter. Successful exploitation of this issue may le...

CWE-7872019

CVE-2020-0283

CRITICAL

CVSS:9.1(Critical)

There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-163008257

CWE-7872020

CVE-2020-7131

Vulnerability Description

Related Vulnerabilities

CVE-2017-2867

CVE-2021-29665

CVE-2024-55884

CVE-2017-2615

CVE-2019-5541

CVE-2020-0283