How severe is CVE-2020-3428?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.4 out of 10.

What type of vulnerability is CVE-2020-3428?

This is classified as CWE-20, which is a common weakness in software security.

CVE-2020-3428 - HIGH Severity | CVSS 7.4

Vulnerability Description

A vulnerability in the WLAN Local Profiling feature of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect parsing of HTTP packets while performing HTTP-based endpoint device classifications. An attacker could exploit this vulnerability by sending a crafted HTTP packet to an affected device. A successful exploit could cause an affected device to reboot, resulting in a DoS condition.

Related Vulnerabilities

CVE-2012-0051

HIGH

CVSS:7.4(High)

Tahoe-LAFS 1.9.0 fails to ensure integrity which allows remote attackers to corrupt mutable files or directories upon retrieval.

CWE-202012

CVE-2012-1326

HIGH

CVSS:7.4(High)

Cisco IronPort Web Security Appliance up to and including 7.5 does not validate the basic constraints of the certificate authority which could lead to MITM attacks

CWE-202012

CVE-2013-0243

HIGH

CVSS:7.4(High)

haskell-tls-extra before 0.6.1 has Basic Constraints attribute vulnerability may lead to Man in the Middle attacks on TLS connections

CWE-202013

CVE-2015-8331

HIGH

CVSS:7.4(High)

The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 does not properly invalidate the session ID when an "abnormal exit" occurs, which allows remote attacke...

CWE-202015

CVE-2015-8466

HIGH

CVSS:7.4(High)

Swift3 before 1.9 allows remote attackers to conduct replay attacks via an Authorization request that lacks a Date header.

CWE-202015

CVE-2015-8870

HIGH

CVSS:7.4(High)

Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process m...

CWE-202015