How severe is CVE-2020-3557?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2020-3557?

This is classified as CWE-295, which is a common weakness in software security.

CVE-2020-3557 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

A vulnerability in the host input API daemon of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by sending a crafted data stream to the host input daemon of the affected device. A successful exploit could allow the attacker to cause the host input daemon to restart. The attacker could use repeated attacks to cause the daemon to continuously reload, creating a DoS condition for the API.

Related Vulnerabilities

CVE-2011-2207

MEDIUM

CVSS:5.3(Medium)

dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to cause a denial of service (DOS) via a specially-crafted certificate.

CWE-2952011

CVE-2016-11076

MEDIUM

CVSS:5.3(Medium)

An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL.

CWE-2952016

CVE-2016-5648

MEDIUM

CVSS:5.3(Medium)

Acer Portal app before 3.9.4.2000 for Android does not properly validate SSL certificates, which allows remote attackers to perform a Man-in-the-middle attack via a crafted SSL certificate.

CWE-2952016

CVE-2017-1000417

MEDIUM

CVSS:5.3(Medium)

MatrixSSL version 3.7.2 adopts a collision-prone OID comparison logic resulting in possible spoofing of OIDs (e.g. in ExtKeyUsage extension) on X.509 certificates.

CWE-2952017

CVE-2017-18588

MEDIUM

CVSS:5.3(Medium)

An issue was discovered in the security-framework crate before 0.1.12 for Rust. Hostname verification for certificates does not occur if ClientBuilder uses custom root certificates.

CWE-2952017

CVE-2017-2623

MEDIUM

CVSS:5.3(Medium)

It was discovered that rpm-ostree and rpm-ostree-client before 2017.3 fail to properly check GPG signatures on packages when doing layering. Packages with unsigned or badly signed content could fail t...

CWE-2952017