How severe is CVE-2020-3151?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.1 out of 10.

What type of vulnerability is CVE-2020-3151?

This is classified as CWE-287, which is a common weakness in software security.

CVE-2020-3151 - MEDIUM Severity | CVSS 5.1

Vulnerability Description

A vulnerability in the CLI of Cisco Connected Mobile Experiences (CMX) could allow an authenticated, local attacker with administrative credentials to bypass restrictions on the CLI. The vulnerability is due to insufficient security mechanisms in the restricted shell implementation. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to escape the restricted shell and execute a set of normally unauthorized commands with the privileges of a non-root user. To exploit this vulnerability, an attacker would need to have valid administrative credentials.

Related Vulnerabilities

CVE-2018-1987

MEDIUM

CVSS:5.1(Medium)

IBM Spectrum Protect for Enterprise Resource Planning 7.1 and 8.1, if tracing is activated, the IBM Spectrum Protect node password may be displayed in plain text in the ERP trace file. IBM X-Force ID:...

CWE-2872018

CVE-2025-25450

MEDIUM

CVSS:5.1(Medium)

An issue in TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 and before allows a remote attacker to escalate privileges via the deactivation of the activated second factor to the /session endpoint

CWE-2872025

CVE-2025-25451

MEDIUM

CVSS:5.1(Medium)

An issue in TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 and before allows a physically proximate attacker to escalate privileges via the "2fa_authorized" Local Storage key

CWE-2872025

CVE-2025-25452

MEDIUM

CVSS:5.1(Medium)

An issue in TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 and before allows a remote attacker to escalate privileges via the "/user" endpoint

CWE-2872025

CVE-2020-4205

MEDIUM

CVSS:5.0(Medium)

IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could allow an authenticated user to bypass security restrictions, and continue to access the server even after authentication certificates have bee...

CWE-2872020

CVE-2023-0264

MEDIUM

CVSS:5.0(Medium)

A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the sam...

CWE-2872023