How severe is CVE-2020-3152?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.7 out of 10.

What type of vulnerability is CVE-2020-3152?

This is classified as CWE-275, which is a common weakness in software security.

CVE-2020-3152 - MEDIUM Severity | CVSS 6.7

Vulnerability Description

A vulnerability in Cisco Connected Mobile Experiences (CMX) could allow an authenticated, local attacker with administrative credentials to execute arbitrary commands with root privileges. The vulnerability is due to improper user permissions that are configured by default on an affected system. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. To exploit this vulnerability, an attacker would need to have valid administrative credentials.

Related Vulnerabilities

CVE-2016-8214

MEDIUM

CVSS:6.7(Medium)

EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3.0 and 7.3.1 contain a vulnerability that may allow malicious administrators to compromise Avamar servers.

CWE-2752016

CVE-2016-10818

MEDIUM

CVSS:6.5(Medium)

cPanel before 57.9999.54 incorrectly sets log-file permissions in dnsadmin-startup and spamd-startup (SEC-124).

CWE-2752016

CVE-2016-3022

MEDIUM

CVSS:6.5(Medium)

IBM Security Access Manager for Web could allow an authenticated user to gain access to highly sensitive information due to incorrect file permissions.

CWE-2752016

CVE-2017-9327

MEDIUM

CVSS:6.5(Medium)

Secret data of processes managed by CM is not secured by file permissions.

CWE-2752017

CVE-2017-0883

MEDIUM

CVSS:6.4(Medium)

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue. A permission related issue within the OCS sharing API allowed an authenticated adversary t...

CWE-2752017

CVE-2015-7842

HIGH

CVSS:7.1(High)

Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with so...

CWE-2752015