How severe is CVE-2020-3165?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.2 out of 10.

What type of vulnerability is CVE-2020-3165?

This is classified as CWE-798, which is a common weakness in software security.

CVE-2020-3165

HIGH Year: 2020

CVSS v3 Score

8.2

High

CVSS v2 Score

4.3

Medium

Weakness Type

CWE-798

View all →

Vulnerability Description

A vulnerability in the implementation of Border Gateway Protocol (BGP) Message Digest 5 (MD5) authentication in Cisco NX-OS Software could allow an unauthenticated, remote attacker to bypass MD5 authentication and establish a BGP connection with the device. The vulnerability occurs because the BGP MD5 authentication is bypassed if the peer does not have MD5 authentication configured, the NX-OS device does have BGP MD5 authentication configured, and the NX-OS BGP virtual routing and forwarding (VRF) name is configured to be greater than 19 characters. An attacker could exploit this vulnerability by attempting to establish a BGP session with the NX-OS peer. A successful exploit could allow the attacker to establish a BGP session with the NX-OS device without MD5 authentication. The Cisco implementation of the BGP protocol accepts incoming BGP traffic only from explicitly configured peers. To exploit this vulnerability, an attacker must send the malicious packets over a TCP connection that appears to come from a trusted BGP peer. To do so, the attacker must obtain information about the BGP peers in the affected system’s trusted network.

CVE-2016-0235

HIGH

CVSS:8.2(High)

IBM Security Guardium Database Activity Monitor 10 allows local users to have unspecified impact by leveraging administrator access to a hardcoded password, related to use on GRUB systems. IBM X-Force...

CWE-7982016

CVE-2017-12350

HIGH

CVSS:8.2(High)

A vulnerability in Cisco Umbrella Insights Virtual Appliances 2.1.0 and earlier could allow an authenticated, local attacker to log in to an affected virtual appliance with root privileges. The vulner...

CWE-7982017

CVE-2019-7212

HIGH

CVSS:8.2(High)

SmarterTools SmarterMail 16.x before build 6985 has hardcoded secret keys. An unauthenticated attacker could access other users’ emails and file attachments. It was also possible to interact with mail...

CWE-7982019

CVE-2022-31269

HIGH

CVSS:8.2(High)

Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt that allow an attacker to open a building's doors. (This occurs in situations where the CVE-2019-7271 defau...

CWE-7982022

CVE-2024-9334

HIGH

CVSS:8.2(High)

Use of Hard-coded Credentials, Storage of Sensitive Data in a Mechanism without Access Control vulnerability in E-Kent Pallium Vehicle Tracking allows Authentication Bypass.This issue affects Pallium ...

CWE-7982024

CVE-2012-4381

HIGH

CVSS:8.1(High)

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in the local database, (1) which could make it easier for context-dependent attackers to obtain cleartext passwords via a brute-force ...

CWE-7982012

CVE-2020-3165

Vulnerability Description

Related Vulnerabilities

CVE-2016-0235

CVE-2017-12350

CVE-2019-7212

CVE-2022-31269

CVE-2024-9334

CVE-2012-4381