How severe is CVE-2020-3467?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.7 out of 10.

What type of vulnerability is CVE-2020-3467?

This is classified as CWE-863, which is a common weakness in software security.

CVE-2020-3467 - HIGH Severity | CVSS 7.7

Vulnerability Description

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to modify parts of the configuration on an affected device. The vulnerability is due to improper enforcement of role-based access control (RBAC) within the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to modify parts of the configuration. The modified configuration could either allow unauthorized devices onto the network or prevent authorized devices from accessing the network. To exploit this vulnerability, an attacker would need valid Read-Only Administrator credentials.

Related Vulnerabilities

CVE-2016-4514

HIGH

CVSS:7.7(High)

Moxa PT-7728 devices with software 3.4 build 15081113 allow remote authenticated users to change the configuration via vectors involving a local proxy.

CWE-8632016

CVE-2021-21484

HIGH

CVSS:7.7(High)

LDAP authentication in SAP HANA Database version 2.0 can be bypassed if the attached LDAP directory server is configured to enable unauthenticated bind.

CWE-8632021

CVE-2023-23304

HIGH

CVSS:7.7(High)

The GarminOS TVM component in CIQ API version 2.1.0 through 4.1.7 allows applications with a specially crafted head section to use the `Toybox.SensorHistory` module without permission. A malicious app...

CWE-8632023

CVE-2023-42860

HIGH

CVSS:7.7(High)

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to modify protected parts of t...

CWE-8632023

CVE-2024-10975

HIGH

CVSS:7.7(High)

Nomad Community and Nomad Enterprise ("Nomad") volume specification is vulnerable to arbitrary cross-namespace volume creation through unauthorized Container Storage Interface (CSI) volume writes. Thi...

CWE-8632024

CVE-2024-38329

HIGH

CVSS:7.7(High)

IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0 could allow a remote authenticated attacker to bypass security restrictions, caused by improper valida...

CWE-8632024