How severe is CVE-2020-3508?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.4 out of 10.

What type of vulnerability is CVE-2020-3508?

This is classified as CWE-400, which is a common weakness in software security.

CVE-2020-3508

HIGH Year: 2020

CVSS v3 Score

7.4

High

CVSS v2 Score

6.1

Medium

Weakness Type

CWE-400

View all →

Vulnerability Description

A vulnerability in the IP Address Resolution Protocol (ARP) feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers with a 20-Gbps Embedded Services Processor (ESP) installed could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service condition. The vulnerability is due to insufficient error handling when an affected device has reached platform limitations. An attacker could exploit this vulnerability by sending a malicious series of IP ARP messages to an affected device. A successful exploit could allow the attacker to exhaust system resources, which would eventually cause the affected device to reload.

CVE-2018-0441

HIGH

CVSS:7.4(High)

A vulnerability in the 802.11r Fast Transition feature set of Cisco IOS Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on a...

CWE-4002018

CVE-2018-0471

HIGH

CVSS:7.4(High)

A vulnerability in the Cisco Discovery Protocol (CDP) module of Cisco IOS XE Software Releases 16.6.1 and 16.6.2 could allow an unauthenticated, adjacent attacker to cause a memory leak that may lead ...

CWE-4002018

CVE-2018-3979

HIGH

CVSS:7.4(High)

A remote denial-of-service vulnerability exists in the way the Nouveau Display Driver (the default Ubuntu Nvidia display driver) handles GPU shader execution. A specially crafted pixel shader can caus...

CWE-4002018

CVE-2019-0031

HIGH

CVSS:7.4(High)

Specific IPv6 DHCP packets received by the jdhcpd daemon will cause a memory resource consumption issue to occur on a Junos OS device using the jdhcpd daemon configured to respond to IPv6 requests. On...

CWE-4002019

CVE-2019-11060

HIGH

CVSS:7.4(High)

The web api server on Port 8080 of ASUS HG100 firmware up to 1.05.12, which is vulnerable to Slowloris HTTP Denial of Service: an attacker can cause a Denial of Service (DoS) by sending headers very s...

CWE-4002019

CVE-2019-15264

HIGH

CVSS:7.4(High)

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation of Cisco Aironet and Catalyst 9100 Access Points (APs) could allow an unauthenticated, adjace...

CWE-4002019

CVE-2020-3508

Vulnerability Description

Related Vulnerabilities

CVE-2018-0441

CVE-2018-0471

CVE-2018-3979

CVE-2019-0031

CVE-2019-11060

CVE-2019-15264