How severe is CVE-2020-3538?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.6 out of 10.

What type of vulnerability is CVE-2020-3538?

This is classified as CWE-20, which is a common weakness in software security.

CVE-2020-3538

MEDIUM Year: 2020

CVSS v3 Score

4.6

Medium

Weakness Type

CWE-20

View all →

Vulnerability Description

A vulnerability in a certain REST API endpoint of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to perform a path traversal attack on an affected device. The vulnerability is due to insufficient path restriction enforcement. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to overwrite or list arbitrary files on the affected device.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

CVE-2015-6839

MEDIUM

CVSS:4.6(Medium)

The parse function in MSA vot.Ar 3.1 does not check whether a candidate receives more than one vote, which allows physically proximate attackers to cast multiple votes for a candidate via a crafted RF...

CWE-202015

CVE-2016-11040

MEDIUM

CVSS:4.6(Medium)

An issue was discovered on Samsung mobile devices with L(5.0/5.1) (with USB OTG MyFile2014_L_ESS support) software. There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2015-5068 (J...

CWE-202016

CVE-2016-11048

MEDIUM

CVSS:4.6(Medium)

An issue was discovered on Samsung mobile devices with L(5.0/5.1) (Spreadtrum or Marvell chipsets) software. There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2016-5421 (March 20...

CWE-202016

CVE-2016-11053

MEDIUM

CVSS:4.6(Medium)

An issue was discovered on Samsung mobile devices with software through 2015-11-11 (supporting FRP/RL). There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2015-5131 (January 2016)...

CWE-202016

CVE-2017-17158

MEDIUM

CVSS:4.6(Medium)

Some Huawei smart phones with the versions before Berlin-L21HNC185B381; the versions before Prague-AL00AC00B223; the versions before Prague-AL00BC00B223; the versions before Prague-AL00CC00B223; the v...

CWE-202017

CVE-2017-5695

MEDIUM

CVSS:4.6(Medium)

Data corruption vulnerability in firmware in Intel Solid-State Drive Consumer, Professional, Embedded, Data Center affected firmware versions LSBG200, LSF031C, LSF036C, LBF010C, LSBG100, LSF031C, LSF0...

CWE-202017

CVE-2020-3538

Vulnerability Description

Related Vulnerabilities

CVE-2015-6839

CVE-2016-11040

CVE-2016-11048

CVE-2016-11053

CVE-2017-17158

CVE-2017-5695