How severe is CVE-2020-3492?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.6 out of 10.

What type of vulnerability is CVE-2020-3492?

This is classified as CWE-20, which is a common weakness in software security.

CVE-2020-3492

HIGH Year: 2020

CVSS v3 Score

8.6

High

CVSS v2 Score

7.8

High

Weakness Type

CWE-20

View all →

Vulnerability Description

A vulnerability in the Flexible NetFlow Version 9 packet processor of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers and Cisco AireOS Software for Cisco Wireless LAN Controllers (WLC) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of certain parameters in a Flexible NetFlow Version 9 record. An attacker could exploit this vulnerability by spoofing the address of an existing Access Point on the network and sending a Control and Provisioning of Wireless Access Points (CAPWAP) packet that includes a crafted Flexible NetFlow Version 9 record to an affected device. A successful exploit could allow the attacker to cause a process crash that would lead to a reload of the device.

CVE-2014-0144

HIGH

CVSS:8.6(High)

QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input val...

CWE-202014

CVE-2015-8702

HIGH

CVSS:8.6(High)

The DNS::GetResult function in dns.cpp in InspIRCd before 2.0.19 allows remote DNS servers to cause a denial of service (netsplit) via an invalid character in a PTR response, as demonstrated by a "\03...

CWE-202015

CVE-2016-4332

HIGH

CVSS:8.6(High)

The library's failure to check if certain message types support a particular flag, the HDF5 1.8.16 library will cast the structure to an alternative structure and then assign to fields that aren't sup...

CWE-202016

CVE-2016-5782

HIGH

CVSS:8.6(High)

An issue was discovered in Locus Energy LGate prior to 1.05H, LGate 50, LGate 100, LGate 101, LGate 120, and LGate 320. Locus Energy meters use a PHP script to manage the energy meter parameters for v...

CWE-202016

CVE-2016-9692

HIGH

CVSS:8.6(High)

IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vuln...

CWE-202016

CVE-2017-12244

HIGH

CVSS:8.6(High)

A vulnerability in the detection engine parsing of IPv6 packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause high CPU utilization or to cause a denial o...

CWE-202017

CVE-2020-3492

Vulnerability Description

Related Vulnerabilities

CVE-2014-0144

CVE-2015-8702

CVE-2016-4332

CVE-2016-5782

CVE-2016-9692

CVE-2017-12244