How severe is CVE-2020-3197?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2020-3197?

This is classified as CWE-287, which is a common weakness in software security.

CVE-2020-3197 - MEDIUM Severity | CVSS 4.3

Vulnerability Description

A vulnerability in the API subsystem of Cisco Meetings App could allow an unauthenticated, remote attacker to retain and reuse the Traversal Using Relay NAT (TURN) server credentials that are configured in an affected system. The vulnerability is due to insufficient protection mechanisms for the TURN server credentials. An attacker could exploit this vulnerability by intercepting the legitimate traffic that is generated by an affected system. An exploit could allow the attacker to obtain the TURN server credentials, which the attacker could use to place audio/video calls and forward packets through the configured TURN server. The attacker would not be able to take control of the TURN server unless the same credentials were used in multiple systems.

Related Vulnerabilities

CVE-2016-10835

MEDIUM

CVSS:4.3(Medium)

cPanel before 55.9999.141 allows a POP/IMAP cPHulk bypass via account name munging (SEC-107).

CWE-2872016

CVE-2016-4863

MEDIUM

CVSS:4.3(Medium)

The Toshiba FlashAir SD-WD/WC series Class 6 model with firmware version 1.00.04 and later, FlashAir SD-WD/WC series Class 10 model W-02 with firmware version 2.00.02 and later, FlashAir SD-WE series ...

CWE-2872016

CVE-2017-1000110

MEDIUM

CVSS:4.3(Medium)

Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines i...

CWE-2872017

CVE-2017-1002024

MEDIUM

CVSS:4.3(Medium)

Vulnerability in web application Kind Editor v4.1.12, kindeditor/php/upload_json.php does not check authentication before allow users to upload files.

CWE-2872017

CVE-2017-12213

MEDIUM

CVSS:4.3(Medium)

A vulnerability in the dynamic access control list (ACL) feature of Cisco IOS XE Software running on Cisco Catalyst 4000 Series Switches could allow an unauthenticated, adjacent attacker to cause dyna...

CWE-2872017

CVE-2018-0362

MEDIUM

CVSS:4.3(Medium)

A vulnerability in BIOS authentication management of Cisco 5000 Series Enterprise Network Compute System and Cisco Unified Computing (UCS) E-Series Servers could allow an unauthenticated, local attack...

CWE-2872018