How severe is CVE-2020-3389?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.4 out of 10.

What type of vulnerability is CVE-2020-3389?

This is classified as CWE-310, which is a common weakness in software security.

CVE-2020-3389 - MEDIUM Severity | CVSS 4.4

Vulnerability Description

A vulnerability in the installation component of Cisco Hyperflex HX-Series Software could allow an authenticated, local attacker to retrieve the password that was configured at installation on an affected device. The vulnerability exists because sensitive information is stored as clear text. An attacker could exploit this vulnerability by authenticating to an affected device and navigating to the directory that contains sensitive information. A successful exploit could allow the attacker to obtain sensitive information in clear text from the affected device.

Related Vulnerabilities

CVE-2016-8224

MEDIUM

CVSS:4.4(Medium)

A vulnerability has been identified in some Lenovo Notebook and ThinkServer systems where an attacker with administrative privileges on a system could install a program that circumvents Intel Manageme...

CWE-3102016

CVE-2016-10376

MEDIUM

CVSS:4.5(Medium)

Gajim through 0.16.7 unconditionally implements the "XEP-0146: Remote Controlling Clients" extension. This can be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted...

CWE-3102016

CVE-2016-2053

MEDIUM

CVSS:4.7(Medium)

The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to misha...

CWE-3102016

CVE-2020-8150

MEDIUM

CVSS:4.1(Medium)

A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files.

CWE-3102020

CVE-2021-41993

MEDIUM

CVSS:4.8(Medium)

A misconfiguration of RSA in PingID Android app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login.

CWE-3102021

CVE-2021-41994

MEDIUM

CVSS:4.8(Medium)

A misconfiguration of RSA in PingID iOS app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login.

CWE-3102021