CVE-2020-15862

Published: Aug 20, 2020Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Net-SNMP through 5.8 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root.

Affected (10)

Products: Net Snmp: Net Snmp · Canonical: Ubuntu Linux · Netapp: Cloud Backup, Hci Management Node, Smi S Provider, Solidfire

1 product

1 product

4 products

Hci Management Node

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Net Snmp Net Snmp	Before 5.8.1

Configuration B

5 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04
Canonical Ubuntu Linux	Version 20.04

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Netapp Cloud Backup	All versions
Netapp Hci Management Node	All versions
Netapp Smi S Provider	All versions
Netapp Solidfire	All versions

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (14)

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965166

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://github.com/net-snmp/net-snmp/commit/77f6c60f57dba0aaea5d8ef1dd94bcd0c8e6d205

Source: cve@mitre.org

PatchThird Party Advisory

https://salsa.debian.org/debian/net-snmp/-/commit/fad8725402752746daf0a751dcff19eb6aeab52e

Source: cve@mitre.org

PatchThird Party Advisory

https://security-tracker.debian.org/tracker/CVE-2020-15862

Source: cve@mitre.org

Third Party Advisory

https://security.gentoo.org/glsa/202008-12

Source: cve@mitre.org

Third Party Advisory

https://security.netapp.com/advisory/ntap-20200904-0001/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/4471-1/

Source: cve@mitre.org

Third Party Advisory

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965166

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://github.com/net-snmp/net-snmp/commit/77f6c60f57dba0aaea5d8ef1dd94bcd0c8e6d205

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://salsa.debian.org/debian/net-snmp/-/commit/fad8725402752746daf0a751dcff19eb6aeab52e

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://security-tracker.debian.org/tracker/CVE-2020-15862

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://security.gentoo.org/glsa/202008-12

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://security.netapp.com/advisory/ntap-20200904-0001/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://usn.ubuntu.com/4471-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.