How severe is CVE-2016-3989?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2016-3989?

This is classified as CWE-264, which is a common weakness in software security.

CVE-2016-3989 - HIGH Severity | CVSS 8.1

Vulnerability Description

The NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTIME M1000, IMS-LANTIME M500, LANTIME M900, LANTIME M600, LANTIME M400, LANTIME M300, LANTIME M200, LANTIME M100, SyncFire 1100, and LCES devices with firmware before 6.20.004 allows remote authenticated users to obtain root privileges for writing to unspecified scripts, and consequently obtain sensitive information or modify data, by leveraging access to the nobody account.

Related Vulnerabilities

CVE-2013-7202

HIGH

CVSS:8.1(High)

The WebHybridClient class in PayPal 5.3 and earlier for Android allows remote attackers to execute arbitrary JavaScript on the system.

CWE-2642013

CVE-2016-0036

HIGH

CVSS:8.1(High)

The Remote Desktop Protocol (RDP) implementation in Microsoft Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows remote authenticated users to execute arbitrary code vi...

CWE-2642016

CVE-2016-0915

HIGH

CVSS:8.1(High)

The Self-Service Portal in EMC RSA Authentication Manager (AM) Prime Self-Service 3.0 and 3.1 before 3.1 1915.42871 allows remote authenticated users to cause a denial of service (PIN change for an ar...

CWE-2642016

CVE-2016-10086

HIGH

CVSS:8.1(High)

RESTful web services in CA Service Desk Manager 12.9 and CA Service Desk Management 14.1 might allow remote authenticated users to read or modify task information by leveraging incorrect permissions a...

CWE-2642016

CVE-2016-10116

HIGH

CVSS:8.1(High)

NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier use a pattern of adje...

CWE-2642016

CVE-2016-1290

HIGH

CVSS:8.1(High)

The web API in Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allows remote authenticated users to bypass intended RBAC restrictions and gain...

CWE-2642016