How severe is CVE-2020-3404?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.7 out of 10.

What type of vulnerability is CVE-2020-3404?

This is classified as CWE-863, which is a common weakness in software security.

CVE-2020-3404 - MEDIUM Severity | CVSS 6.7

Vulnerability Description

A vulnerability in the persistent Telnet/Secure Shell (SSH) CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system (OS) with root privileges. The vulnerability is due to insufficient enforcement of the consent token in authorizing shell access. An attacker could exploit this vulnerability by authenticating to the persistent Telnet/SSH CLI on an affected device and requesting shell access. A successful exploit could allow the attacker to gain shell access on the affected device and execute commands on the underlying OS with root privileges.

Related Vulnerabilities

CVE-2017-1233

MEDIUM

CVSS:6.7(Medium)

IBM Remote Control v9 could allow a local user to use the component to replace files to which he does not have write access and which he can cause to be executed with Local System or root privileges. ...

CWE-8632017

CVE-2019-3887

MEDIUM

CVSS:6.7(Medium)

A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(=1) virtualization enabled. In that, L1 guest could access L0's APIC register values via L...

CWE-8632019

CVE-2021-22521

MEDIUM

CVSS:6.7(Medium)

A privileged escalation vulnerability has been identified in Micro Focus ZENworks Configuration Management, affecting version 2020 Update 1 and all prior versions. The vulnerability could be exploited...

CWE-8632021

CVE-2021-26563

MEDIUM

CVSS:6.7(Medium)

Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.

CWE-8632021

CVE-2023-20880

MEDIUM

CVSS:6.7(Medium)

VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.

CWE-8632023

CVE-2023-21116

MEDIUM

CVSS:6.7(Medium)

In verifyReplacingVersionCode of InstallPackageHelper.java, there is a possible way to downgrade system apps below system image version due to a logic error in the code. This could lead to local escal...

CWE-8632023