How severe is CVE-2020-3436?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.6 out of 10.

What type of vulnerability is CVE-2020-3436?

This is classified as CWE-434, which is a common weakness in software security.

CVE-2020-3436

HIGH Year: 2020

CVSS v3 Score

8.6

High

CVSS v2 Score

7.8

High

Weakness Type

CWE-434

View all →

Vulnerability Description

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to upload arbitrary-sized files to specific folders on an affected device, which could lead to an unexpected device reload. The vulnerability exists because the affected software does not efficiently handle the writing of large files to specific folders on the local file system. An attacker could exploit this vulnerability by uploading files to those specific folders. A successful exploit could allow the attacker to write a file that triggers a watchdog timeout, which would cause the device to unexpectedly reload, causing a denial of service (DoS) condition.

CVE-2021-21355

HIGH

CVSS:8.6(High)

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1, due to the lack of ensuring file extensions belong to configured allowed mime...

CWE-4342021

CVE-2025-45997

HIGH

CVSS:8.6(High)

Sourcecodester Web-based Pharmacy Product Management System v.1.0 has a file upload vulnerability. An attacker can upload a PHP file disguised as an image by modifying the Content-Type header to image...

CWE-4342025

CVE-2021-39141

HIGH

CVSS:8.5(High)

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only b...

CWE-4342021