How severe is CVE-2024-20280?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.3 out of 10.

What type of vulnerability is CVE-2024-20280?

This is classified as CWE-321, which is a common weakness in software security.

CVE-2024-20280 - MEDIUM Severity | CVSS 6.3

Vulnerability Description

A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with access to a backup file to learn sensitive information that is stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption method that is used for the backup function. An attacker could exploit this vulnerability by accessing a backup file and leveraging a static key that is used for the backup configuration feature. A successful exploit could allow an attacker with access to a backup file to learn sensitive information that is stored in full state backup files and configuration backup files, such as local user credentials, authentication server passwords, Simple Network Management Protocol (SNMP) community names, and the device SSL server certificate and key.

Related Vulnerabilities

CVE-2022-26020

MEDIUM

CVSS:6.3(Medium)

An information disclosure vulnerability exists in the router configuration export functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to increased privile...

CWE-3212022

CVE-2024-12078

MEDIUM

CVSS:6.3(Medium)

ECOVACS robot lawn mowers and vacuums use a shared, static secret key to encrypt BLE GATT messages. An unauthenticated attacker within BLE range can control any robot using the same key.

CWE-3212024

CVE-2024-3109

MEDIUM

CVSS:6.3(Medium)

A hard-coded AES key vulnerability was reported in the Motorola GuideMe application, along with a lack of URI sanitation, could allow for a local attacker to read arbitrary files.

CWE-3212024

CVE-2019-10990

MEDIUM

CVSS:6.5(Medium)

Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to ...

CWE-3212019

CVE-2019-13929

MEDIUM

CVSS:6.5(Medium)

A vulnerability has been identified in SIMATIC IT UADM (All versions < V1.3). An authenticated remote attacker with network access to port 1434/tcp of SIMATIC IT UADM could potentially recover a passw...

CWE-3212019

CVE-2019-17098

MEDIUM

CVSS:6.5(Medium)

Use of hard-coded cryptographic key vulnerability in August Connect Wi-Fi Bridge App, Connect Firmware allows an attacker to decrypt an intercepted payload containing the Wi-Fi network authentication ...

CWE-3212019