7.8

CVE-2020-15862

Net-SNMP through 5.8 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Net-snmpNet-snmp Version < 5.8.1
CanonicalUbuntu Linux Version12.04 SwEdition-
CanonicalUbuntu Linux Version14.04 SwEditionesm
CanonicalUbuntu Linux Version16.04 SwEditionesm
CanonicalUbuntu Linux Version18.04 SwEditionesm
CanonicalUbuntu Linux Version20.04 SwEditionlts
NetappCloud Backup Version-
NetappSmi-s Provider Version-
NetappSolidfire Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.38% 0.299
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://security.gentoo.org/glsa/202008-12
Third Party Advisory
https://security.netapp.com/advisory/ntap-20200904-0001/
Third Party Advisory
https://usn.ubuntu.com/4471-1/
Third Party Advisory
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965166
Third Party Advisory
Issue Tracking
https://github.com/net-snmp/net-snmp/commit/77f6c60f57dba0aaea5d8ef1dd94bcd0c8e6d205
Patch
Third Party Advisory
https://salsa.debian.org/debian/net-snmp/-/commit/fad8725402752746daf0a751dcff19eb6aeab52e
Patch
Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2020-15862
Third Party Advisory