PT-2020-5249 · Net-SNMP

Published: 2020-07-17 · Updated: 2023-11-22

CVE-2020-15862

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Net-SNMP versions prior to 5.8

Description

The issue is related to improper privilege management in the Net-SNMP software. It allows SNMP WRITE access to the EXTEND MIB, which can be exploited to run arbitrary commands as root. This could potentially lead to unauthorized access to sensitive information, disruption of data integrity, and denial of service.

Recommendations

For Net-SNMP versions prior to 5.8, consider restricting SNMP WRITE access to the EXTEND MIB to prevent exploitation. As a temporary workaround, limit the privileges assigned to the SNMP service to minimize the risk of arbitrary command execution.

Fix

Weakness Enumeration

Improper Privilege Management

Related Identifiers

BDU:2020-05882
CESA-2020_5350
CESA-2020_5480
CVE-2020-15862
DLA-2299-1
DLA-2313-1
DSA-4746-1
OPENSUSE-SU-2022:0050-1
OPENSUSE-SU-2022_0050-1
RHSA-2020:5129
RHSA-2020:5201
RHSA-2020:5350
RHSA-2020:5372
RHSA-2020:5420
RHSA-2020:5480
RHSA-2020_5129
RHSA-2020_5350
RHSA-2020_5480
RHSA-2021:0257
RHSA-2021:0358
RHSA-2021:0525
SUSE-SU-2021:4191-1
SUSE-SU-2021_4191-1
SUSE-SU-2022:0030-1
SUSE-SU-2022:0050-1
SUSE-SU-2022:0050-2
SUSE-SU-2022_0030-1
USN-4471-1
USN-4471-2

Affected Products

CentOS
Linux Mint
Net-SNMP
Red Hat
SUSE
Ubuntu