CVE-2023-20215

CVSS v3 Score
5.3
Medium

Vulnerability Description

A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass a configured rule, allowing traffic onto a network that should have been blocked. This vulnerability is due to improper detection of malicious traffic when the traffic is encoded with a specific content format. An attacker could exploit this vulnerability by using an affected device to connect to a malicious server and receiving crafted HTTP responses. A successful exploit could allow the attacker to bypass an explicit block rule and receive traffic that should have been rejected by the device.

CVSS:5.3(Medium)

A vulnerability in the password change feature of Cisco Firepower Management Center (FMC) software could allow an unauthenticated, remote attacker to determine valid user names on an affected device. ...

CVSS:5.3(Medium)

WAVLINK WN551K1 live_mfg.shtml enables attackers to obtain sensitive router information.

CVSS:5.3(Medium)

WAVLINK WN551K1 live_check.shtml enables attackers to obtain sensitive router information.

CVSS:5.5(Medium)

A vulnerability in Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system....

CVSS:5.0(Medium)

An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. ...

CVSS:4.4(Medium)

A vulnerability was found in the Linux kernel's eBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to...