CVE-2020-12142

MEDIUM Year: 2020
CVSS v3 Score
4.9
Medium
CVSS v2 Score
4.0
Medium
Weakness Type
CWE-668
View all →

Vulnerability Description

1. IPSec UDP key material can be retrieved from machine-to-machine interfaces and human-accessible interfaces by a user with admin credentials. Such a user, with the required system knowledge, could use this material to decrypt in-flight communication. 2. The vulnerability requires administrative access and shell access to the EdgeConnect appliance. An admin user can access IPSec seed and nonce parameters using the CLI, REST APIs, and the Linux shell.

Related Vulnerabilities

CVE-2021-21878

MEDIUM
CVSS:4.9(Medium)

A local file inclusion vulnerability exists in the Web Manager Applications and FsBrowse functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted series of HTTP requests can lead to ...

CWE-6682021

CVE-2022-21718

MEDIUM
CVSS:5.0(Medium)

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6...

CWE-6682022

CVE-2019-11728

MEDIUM
CVSS:4.7(Medium)

The HTTP Alternative Services header, Alt-Svc, can be used by a malicious site to scan all TCP ports of any host that the accessible to a user when web content is loaded. This vulnerability affects Fi...

CWE-6682019

CVE-2022-41874

MEDIUM
CVSS:4.7(Medium)

Tauri is a framework for building binaries for all major desktop platforms. In versions prior to 1.0.7 and 1.1.2, Tauri is vulnerable to an Incorrectly-Resolved Name. Due to incorrect escaping of spec...

CWE-6682022

CVE-2024-32473

MEDIUM
CVSS:4.7(Medium)

Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. In 26.0.0, IPv6 is not disabled on networ...

CWE-6682024