How severe is CVE-2020-9057?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2020-9057?

This is classified as CWE-311, which is a common weakness in software security.

CVE-2020-9057 - HIGH Severity | CVSS 8.8

Vulnerability Description

Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets do not support encryption, allowing an attacker within radio range to take control of or cause a denial of service to a vulnerable device. An attacker can also capture and replay Z-Wave traffic. Firmware upgrades cannot directly address this vulnerability as it is an issue with the Z-Wave specification for these legacy chipsets. One way to protect against this vulnerability is to use 500 or 700 series chipsets that support Security 2 (S2) encryption. As examples, the Linear WADWAZ-1 version 3.43 and WAPIRZ-1 version 3.43 (with 300 series chipsets) are vulnerable.

Related Vulnerabilities

CVE-2017-3219

HIGH

CVSS:8.8(High)

Acronis True Image up to and including version 2017 Build 8053 performs software updates using HTTP. Downloaded updates are only verified using a server-provided MD5 hash.

CWE-3112017

CVE-2018-7781

HIGH

CVSS:8.8(High)

In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, by sending a specially crafted request an authenticated user can view password in clear t...

CWE-3112018

CVE-2019-1003051

HIGH

CVSS:8.8(High)

Jenkins IRC Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.

CWE-3112019

CVE-2019-1003052

HIGH

CVSS:8.8(High)

Jenkins AWS Elastic Beanstalk Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file sy...

CWE-3112019

CVE-2019-1003053

HIGH

CVSS:8.8(High)

Jenkins HockeyApp Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file syst...

CWE-3112019

CVE-2019-1003054

HIGH

CVSS:8.8(High)

Jenkins Jira Issue Updater Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master ...

CWE-3112019