How severe is CVE-2020-3432?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.6 out of 10.

What type of vulnerability is CVE-2020-3432?

This is classified as CWE-59, which is a common weakness in software security.

CVE-2020-3432 - MEDIUM Severity | CVSS 5.6

Vulnerability Description

A vulnerability in the uninstaller component of Cisco AnyConnect Secure Mobility Client for Mac OS could allow an authenticated, local attacker to corrupt the content of any file in the filesystem. The vulnerability is due to the incorrect handling of directory paths. An attacker could exploit this vulnerability by creating a symbolic link (symlink) to a target file on a specific path. A successful exploit could allow the attacker to corrupt the contents of the file. If the file is a critical systems file, the exploit could lead to a denial of service condition. To exploit this vulnerability, the attacker would need to have valid credentials on the system.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Related Vulnerabilities

CVE-2023-21567

MEDIUM

CVSS:5.6(Medium)

Visual Studio Denial of Service Vulnerability

CWE-592023

CVE-1999-0783

MEDIUM

CVSS:5.5(Medium)

FreeBSD allows local users to conduct a denial of service by creating a hard link from a device special file to a file on an NFS file system.

CWE-591999

CVE-1999-1386

MEDIUM

CVSS:5.5(Medium)

Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file.

CWE-591999

CVE-2000-0972

MEDIUM

CVSS:5.5(Medium)

HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a symlink to the target file during the crontab session, quitting the session, and reading the error messag...

CWE-592000

CVE-2000-1178

MEDIUM

CVSS:5.5(Medium)

Joe text editor follows symbolic links when creating a rescue copy called DEADJOE during an abnormal exit, which allows local users to overwrite the files of other users whose joe session crashes.

CWE-592000

CVE-2001-1494

MEDIUM

CVSS:5.5(Medium)

script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root exe...

CWE-592001