CVE-2020-15861

EUVD-2020-7842
Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following.
Link Following
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
Affected Products (NVD)
VendorProductVersion
net-snmpnet-snmp
𝑥
≤ 5.7.3
canonicalubuntu_linux
12.04
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
canonicalubuntu_linux
18.04
canonicalubuntu_linux
20.04
netappcloud_backup
-
netappsmi-s_provider
-
netappsolidfire_\&_hci_management_node
-
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
net-snmp
bookworm
5.9.3+dfsg-2
fixed
bullseye
5.9+dfsg-4+deb11u1
fixed
bullseye (security)
5.9+dfsg-4+deb11u1
fixed
sid
5.9.4+dfsg-1.1
fixed
trixie
5.9.4+dfsg-1.1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
net-snmp
bionic
Fixed 5.7.3+dfsg-1.8ubuntu3.5
released
focal
Fixed 5.8+dfsg-2ubuntu2.3
released
trusty
Fixed 5.7.2~dfsg-8.1ubuntu3.3+esm1
released
xenial
Fixed 5.7.3+dfsg-1ubuntu4.5
released
Common Weakness Enumeration
References
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966599
https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602
https://github.com/net-snmp/net-snmp/issues/145
https://security.gentoo.org/glsa/202008-12
https://security.netapp.com/advisory/ntap-20200904-0001/
https://usn.ubuntu.com/4471-1/
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966599
https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602
https://github.com/net-snmp/net-snmp/issues/145
https://security.gentoo.org/glsa/202008-12
https://security.netapp.com/advisory/ntap-20200904-0001/
https://usn.ubuntu.com/4471-1/