How severe is CVE-2020-5876?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2020-5876?

This is classified as CWE-319, which is a common weakness in software security.

CVE-2020-5876 - HIGH Severity | CVSS 8.1

Vulnerability Description

On BIG-IP 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, a race condition exists where mcpd and other processes may make unencrypted connection attempts to a new configuration sync peer. The race condition can occur when changing the ConfigSync IP address of a peer, adding a new peer, or when the Traffic Management Microkernel (TMM) first starts up.

Related Vulnerabilities

CVE-2017-1694

HIGH

CVSS:8.1(High)

IBM Integration Bus 9.0 and 10.0 transmits user credentials in plain in clear text which can be read by an attacker using man in the middle techniques. IBM X-Force ID: 134165.

CWE-3192017

CVE-2017-6432

HIGH

CVSS:8.1(High)

An issue was discovered on Dahua DHI-HCVR7216A-S3 3.210.0001.10 build 2016-06-06 devices. The Dahua DVR Protocol, which operates on TCP Port 37777, is an unencrypted, binary protocol. Performing a Man...

CWE-3192017

CVE-2018-13140

HIGH

CVSS:8.1(High)

Druide Antidote through 9.5.1 on Windows and Linux allows remote code execution through the update mechanism by leveraging use of HTTP to download installation packages.

CWE-3192018

CVE-2018-1360

HIGH

CVSS:8.1(High)

A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 may allow an unauthenticated attacker in a man in the middle position to r...

CWE-3192018

CVE-2018-15752

HIGH

CVSS:8.1(High)

An issue was discovered in the MensaMax (aka com.breustedt.mensamax) application 4.3 for Android. Cleartext Transmission of Sensitive Information allows man-in-the-middle attackers to eavesdrop authen...

CWE-3192018

CVE-2018-7298

HIGH

CVSS:8.1(High)

In /usr/local/etc/config/addons/mh/loopupd.sh on eQ-3 AG HomeMatic CCU2 2.29.22 devices, software update packages are downloaded via the HTTP protocol, which does not provide any cryptographic protect...

CWE-3192018