How severe is CVE-2020-3549?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2020-3549?

This is classified as CWE-326, which is a common weakness in software security.

CVE-2020-3549

HIGH Year: 2020

CVSS v3 Score

8.1

High

CVSS v2 Score

6.8

Medium

Weakness Type

CWE-326

View all →

Vulnerability Description

A vulnerability in the sftunnel functionality of Cisco Firepower Management Center (FMC) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to obtain the device registration hash. The vulnerability is due to insufficient sftunnel negotiation protection during initial device registration. An attacker in a man-in-the-middle position could exploit this vulnerability by intercepting a specific flow of the sftunnel communication between an FMC device and an FTD device. A successful exploit could allow the attacker to decrypt and modify the sftunnel communication between FMC and FTD devices, allowing the attacker to modify configuration data sent from an FMC device to an FTD device or alert data sent from an FTD device to an FMC device.

CVE-2016-10102

HIGH

CVSS:8.1(High)

hitek.jar in Hitek Software's Automize uses weak encryption when encrypting SSH/SFTP and Encryption profile passwords. This allows an attacker to retrieve the encrypted passwords from sshProfiles.jsd ...

CWE-3262016

CVE-2017-14262

HIGH

CVSS:8.1(High)

On Samsung NVR devices, remote attackers can read the MD5 password hash of the 'admin' account via certain szUserName JSON data to cgi-bin/main-cgi, and login to the device with that hash in the szUse...

CWE-3262017

CVE-2018-15796

HIGH

CVSS:8.1(High)

Cloud Foundry Bits Service Release, versions prior to 2.14.0, uses an insecure hashing algorithm to sign URLs. A remote malicious user may obtain a signed URL and extract the signing key, allowing the...

CWE-3262018

CVE-2021-32010

HIGH

CVSS:8.1(High)

Inadequate Encryption Strength vulnerability in TLS stack of Secomea SiteManager, LinkManager, GateManager may facilitate man in the middle attacks. This issue affects: Secomea SiteManager All version...

CWE-3262021

CVE-2022-25156

HIGH

CVSS:8.1(High)

Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series...

CWE-3262022

CVE-2022-29566

HIGH

CVSS:8.1(High)

The Bulletproofs 2017/1066 paper mishandles Fiat-Shamir generation because the hash computation fails to include all of the public values from the Zero Knowledge proof statement as well as all of the ...

CWE-3262022

CVE-2020-3549

Vulnerability Description

Related Vulnerabilities

CVE-2016-10102

CVE-2017-14262

CVE-2018-15796

CVE-2021-32010

CVE-2022-25156

CVE-2022-29566