How severe is CVE-2020-1982?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.8 out of 10.

What type of vulnerability is CVE-2020-1982?

This is classified as CWE-326, which is a common weakness in software security.

CVE-2020-1982 - MEDIUM Severity | CVSS 4.8

Vulnerability Description

Certain communication between PAN-OS and cloud-delivered services inadvertently use TLS 1.0, which is known to be a cryptographically weak protocol. These cloud services include Cortex Data Lake, the Customer Support Portal, and the Prisma Access infrastructure. Conditions required for exploitation of known TLS 1.0 weaknesses do not exist for the communication between PAN-OS and cloud-delivered services. We do not believe that any communication is impacted as a result of known attacks against TLS 1.0. This issue impacts: All versions of PAN-OS 8.0; PAN-OS 8.1 versions earlier than PAN-OS 8.1.14; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; PAN-OS 9.1 versions earlier than PAN-OS 9.1.3. PAN-OS 7.1 is not impacted by this issue.

Related Vulnerabilities

CVE-2010-3670

MEDIUM

CVSS:4.8(Medium)

TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness during generation of a hash with the "forgot password" function.

CWE-3262010

CVE-2015-4953

MEDIUM

CVSS:4.8(Medium)

IBM BigFix Remote Control before Interim Fix pack 9.1.2-TIV-IBRC912-IF0001 makes it easier for man-in-the-middle attackers to decrypt traffic by leveraging a weakness in its encryption protocol. IBM X...

CWE-3262015

CVE-2021-28095

MEDIUM

CVSS:4.8(Medium)

OX Documents before 7.10.5-rev5 has Incorrect Access Control for documents that contain XML structures because hash collisions can occur, due to use of CRC32.

CWE-3262021

CVE-2015-8085

MEDIUM

CVSS:4.9(Medium)

Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300...

CWE-3262015

CVE-2015-8086

MEDIUM

CVSS:4.9(Medium)

CWE-3262015

CVE-2021-20406

MEDIUM

CVSS:4.9(Medium)

IBM Security Verify Information Queue 1.0.6 and 1.0.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196184.

CWE-3262021