How severe is CVE-2020-10713?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.2 out of 10.

What type of vulnerability is CVE-2020-10713?

This is classified as CWE-120, which is a common weakness in software security.

CVE-2020-10713

HIGH Year: 2020

CVSS v3 Score

8.2

High

CVSS v2 Score

4.6

Medium

Weakness Type

CWE-120

View all →

Vulnerability Description

A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVE-2019-20734

HIGH

CVSS:8.2(High)

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D6220 before 1.0.0.40, D8500 before 1.0.3.39, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6...

CWE-1202019

CVE-2020-8719

HIGH

CVSS:8.2(High)

Buffer overflow in subsystem for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow a privileged user to potentially enable escalation of privilege via local...

CWE-1202020

CVE-2020-8722

HIGH

CVSS:8.2(High)

Buffer overflow in a subsystem for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow a privileged user to potentially enable escalation of privilege via loc...

CWE-1202020

CVE-2021-34987

HIGH

CVSS:8.2(High)

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.5.1 (49187). An attacker must first obtain the ability to execute high-privileged cod...

CWE-1202021

CVE-2022-24910

HIGH

CVSS:8.2(High)

A buffer overflow vulnerability exists in the httpd parse_ping_result API functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker c...

CWE-1202022

CVE-2022-40261

HIGH

CVSS:8.2(High)

An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in System Management Mode - an environment more privileged than operating system (OS) an...

CWE-1202022

CVE-2020-10713

Vulnerability Description

Related Vulnerabilities

CVE-2019-20734

CVE-2020-8719

CVE-2020-8722

CVE-2021-34987

CVE-2022-24910

CVE-2022-40261