Published: 20/08/2020 Updated: 03/12/2022

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 641

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Net-SNMP up to and including 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following.

Vulnerable Product	Search on Vulmon	Subscribe to Product
net-snmp net-snmp
canonical ubuntu linux 18.04
canonical ubuntu linux 14.04
canonical ubuntu linux 20.04
canonical ubuntu linux 16.04
canonical ubuntu linux 12.04
netapp cloud backup -
netapp smi-s provider -
netapp solidfire \\& hci management node -

Debian Bug report logs - #966599 snmpd: Elevation of Privileges due to symlink handling (CVE-2020-15861) Package: snmpd; Maintainer for snmpd is Net-SNMP Packaging Team <pkg-net-snmp-devel@listsaliothdebianorg>; Source for snmpd is src:net-snmp (PTS, buildd, popcon) Reported by: Craig Small <csmall@debianorg> Dat ...

Several vulnerabilities were discovered in net-snmp, a suite of Simple Network Management Protocol applications, which could lead to privilege escalation For the stable distribution (buster), these problems have been fixed in version 573+dfsg-5+deb10u1 We recommend that you upgrade your net-snmp packages For the detailed security status of net ...

CWE-59 https://github.com/net-snmp/net-snmp/issues/145 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966599 https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602 https://security.gentoo.org/glsa/202008-12 https://usn.ubuntu.com/4471-1/https://security.netapp.com/advisory/ntap-20200904-0001/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966599 https://nvd.nist.gov https://www.debian.org/security/2020/dsa-4746

CVE-2020-15861

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect