CVE-2024-20069

MEDIUM Year: 2024
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-757
View all →

Vulnerability Description

In modem, there is a possible selection of less-secure algorithm during the VoWiFi IKE due to a missing DH downgrade check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01286330; Issue ID: MSV-1430.

Related Vulnerabilities

CVE-2020-16200

MEDIUM
CVSS:6.5(Medium)

Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an attacker to influen...

CWE-7572020

CVE-2021-36326

MEDIUM
CVSS:6.5(Medium)

Dell EMC Streaming Data Platform, versions prior to 1.3 contain an SSL Strip Vulnerability in the User Interface (UI). A remote unauthenticated attacker could potentially exploit this vulnerability, l...

CWE-7572021

CVE-2019-16791

MEDIUM
CVSS:5.9(Medium)

In postfix-mta-sts-resolver before 0.5.1, All users can receive incorrect response from daemon under rare conditions, rendering downgrade of effective STS policy.

CWE-7572019

CVE-2019-14887

HIGH
CVSS:7.4(High)

A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfl...

CWE-7572019

CVE-2017-9267

HIGH
CVSS:7.5(High)

In Novell eDirectory before 9.0.3.1 the LDAP interface was not strictly enforcing cipher restrictions allowing weaker ciphers to be used during SSL BIND operations.

CWE-7572017

CVE-2022-33160

HIGH
CVSS:7.5(High)

IBM Security Directory Suite 8.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 228568.

CWE-7572022