How severe is CVE-2020-3367?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2020-3367?

This is classified as CWE-78, which is a common weakness in software security.

CVE-2020-3367 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

A vulnerability in the log subscription subsystem of Cisco AsyncOS for the Cisco Secure Web Appliance (formerly Web Security Appliance) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the web interface and CLI. An attacker could exploit this vulnerability by authenticating to the affected device and injecting scripting commands in the scope of the log subscription subsystem. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root.

Related Vulnerabilities

CVE-2017-3806

MEDIUM

CVSS:5.3(Medium)

A vulnerability in CLI command processing in the Cisco Firepower 4100 Series Next-Generation Firewall and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to inject...

CWE-782017

CVE-2018-15726

MEDIUM

CVSS:5.3(Medium)

The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Privilege Escalation Vulnerability.

CWE-782018

CVE-2019-20807

MEDIUM

CVSS:5.3(Medium)

In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua).

CWE-782019

CVE-2020-26294

MEDIUM

CVSS:5.3(Medium)

Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. In Vela compiler before version 0.6.1 there is a vulnerability which allows exposure of server co...

CWE-782020

CVE-2021-30187

MEDIUM

CVSS:5.3(Medium)

CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command.

CWE-782021

CVE-2023-25759

MEDIUM

CVSS:5.3(Medium)

OS Command Injection in TripleData Reporting Engine in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated users to run unprivileged OS level commands via a crafted request payloa...

CWE-782023