How severe is CVE-2020-3423?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.7 out of 10.

What type of vulnerability is CVE-2020-3423?

This is classified as CWE-119, which is a common weakness in software security.

CVE-2020-3423

MEDIUM Year: 2020

CVSS v3 Score

6.7

Medium

CVSS v2 Score

7.2

High

Weakness Type

CWE-119

View all →

Vulnerability Description

A vulnerability in the implementation of the Lua interpreter that is integrated in Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code with root privileges on the underlying Linux operating system (OS) of an affected device. The vulnerability is due to insufficient restrictions on Lua function calls within the context of user-supplied Lua scripts. An attacker with valid administrative credentials could exploit this vulnerability by submitting a malicious Lua script. When this file is processed, an exploitable buffer overflow condition could occur. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying Linux OS of the affected device.

CVE-2016-4439

MEDIUM

CVSS:6.7(Medium)

The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI Controller (FSC) support in QEMU does not properly check command buffer length, which allows local guest OS administrators to cause a...

CWE-1192016

CVE-2016-8774

MEDIUM

CVSS:6.7(Medium)

The HIFI driver in Huawei Mate 8 phones with software versions before NXT-AL10C00B386, versions before NXT-CL00C92B386, versions before NXT-DL00C17B386, versions before NXT-TL00C01B386; Mate S phones ...

CWE-1192016

CVE-2016-8775

MEDIUM

CVSS:6.7(Medium)

Touch Panel (TP) driver in Huawei NEM phones with software Versions before NEM-AL10C00B130, Versions before NEM-UL10C17B160, Versions before NEM-UL10C00B160, Versions before NEM-TL00C01B160 allows att...

CWE-1192016

CVE-2018-0342

MEDIUM

CVSS:6.7(Medium)

A vulnerability in the configuration and monitoring service of the Cisco SD-WAN Solution could allow an authenticated, local attacker to execute arbitrary code with root privileges or cause a denial o...

CWE-1192018

CVE-2018-1068

MEDIUM

CVSS:6.7(Medium)

A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.

CWE-1192018

CVE-2018-12150

MEDIUM

CVSS:6.7(Medium)

Escalation of privilege in Installer for Intel Extreme Tuning Utility before 6.4.1.21 may allow an authenticated user to potentially execute code or disclose information as administrator via local acc...

CWE-1192018

CVE-2020-3423

Vulnerability Description

Related Vulnerabilities

CVE-2016-4439

CVE-2016-8774

CVE-2016-8775

CVE-2018-0342

CVE-2018-1068

CVE-2018-12150