CVE-2020-15861
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2020-15861
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-15861.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2020-15861
- Downstream
- Published
- 2020-08-20T01:17:13Z
- Modified
- 2025-09-19T12:07:12.506946Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following.
- References
-
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966599
- https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602
- https://github.com/net-snmp/net-snmp/issues/145
- https://security.gentoo.org/glsa/202008-12
- https://security.netapp.com/advisory/ntap-20200904-0001/
- https://usn.ubuntu.com/4471-1/
Affected packages
Git / github.com/net-snmp/net-snmp
Affected ranges
- Type
- GIT
- Repo
- https://github.com/net-snmp/net-snmp
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v3.*
v3.0
v3.0.1
v3.0.2
v3.0.2.1
v3.0.3
v3.0.4
v3.0.5
v3.0.6
v3.0.7
v3.0.7.1
v3.0.7.2
v3.1
v3.1.0.1
v3.1.1
v3.1.2
v3.1.2.1
v3.1.3
v3.2
v3.3
v3.4
v3.5
v3.6
v3.6.1
v4.*
v4.0
v4.0.1
v4.1
v4.1.1
v4.2
v5.*
v5.0
v5.0.1
v5.0.10
v5.0.10.2
v5.0.11
v5.0.11.1
v5.0.2
v5.0.3
v5.0.4
v5.0.5
v5.0.6
v5.0.7
v5.0.8
v5.0.9
v5.1
v5.1.1
v5.1.2
v5.1.3
v5.1.4
v5.1.4.1
v5.2
v5.2.1
v5.2.2
v5.2.3
v5.2.4
v5.2.4.pre1
v5.2.4.pre2
v5.2.4.pre3
v5.2.4.rc1
v5.2.4.rc2
v5.2.5
v5.2.5.pre1
v5.2.5.pre2
v5.2.5.rc1
v5.2.5.rc2
v5.2.6
v5.2.6.pre1
v5.2.6.pre2
v5.2.6.rc1
v5.2.6.rc2
v5.2.6.rc3
v5.3
v5.3.1
v5.3.2
v5.3.2.pre1
v5.3.2.rc1
v5.3.3
v5.3.3.pre1
v5.3.3.rc1
v5.3.3.rc2
v5.3.4
v5.3.4.pre1
v5.3.4.pre2
v5.3.4.rc1
v5.4
v5.4.1
v5.4.1.pre1
v5.4.1.pre2
v5.4.1.pre3
v5.4.1.rc1
v5.4.1.rc2
v5.4.1.rc3
v5.4.1.rc4
v5.4.2
v5.4.2.pre1
v5.4.2.pre2
v5.4.2.rc1
v5.4.2.rc2
v5.4.2.rc3
v5.4.3
v5.4.3.pre1
v5.4.3.pre2
v5.4.3.rc1
v5.4.3.rc2
v5.4.3.rc3
v5.4.4
v5.4.4.pre1
v5.4.4.pre2
v5.4.4.rc1
v5.4.5.pre1
v5.4.5.pre2
v5.5
v5.5.1
v5.5.1.rc2
v5.5.2
v5.5.2.pre1
v5.5.2.rc1
v5.5.2.rc2
v5.5.2.rc3
v5.5.pre1
v5.5.pre2
v5.5.pre3
v5.5.rc1
v5.5.rc2
v5.5.rc3
v5.6
v5.6.1
v5.6.1.pre1
v5.6.1.pre2
v5.6.1.rc1
v5.6.1.rc2
v5.6.2
v5.6.2.pre1
v5.6.2.pre2
v5.6.2.rc1
v5.6.2.rc2
v5.6.2.rc3
v5.6.pre1
v5.6.pre2
v5.6.pre3
v5.6.rc1
v5.6.rc2
v5.6.rc3
v5.7
v5.7.1
v5.7.1.pre1
v5.7.1.pre2
v5.7.1.rc1
v5.7.1.rc2
v5.7.1.rc3
v5.7.2
v5.7.2.pre1
v5.7.2.pre2
v5.7.2.pre3
v5.7.2.rc1
v5.7.2.rc2
v5.7.2.rc3
v5.7.3
v5.7.3.pre1
v5.7.3.pre2
v5.7.3.pre3
v5.7.3.pre4
v5.7.3.pre5
v5.7.3.rc1
v5.7.3.rc2
v5.7.3.rc3
v5.7.pre1
v5.7.pre2
v5.7.rc1
v5.7.rc2
v5.7.rc3
v5.8
v5.8.pre1
v5.8.pre2
v5.8.pre3
v5.8.rc1
v5.8.rc2
v5.8.rc3
v5.8.rc4
Database specific
{
"vanir_signatures": [
{
"target": {
"file": "snmplib/mib.c",
"function": "_mibindex_add"
},
"id": "CVE-2020-15861-1ab1691d",
"source": "https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602",
"digest": {
"length": 666.0,
"function_hash": "145014679575689650584675739969347332431"
},
"signature_version": "v1",
"signature_type": "Function",
"deprecated": false
},
{
"target": {
"file": "include/net-snmp/library/parse.h"
},
"id": "CVE-2020-15861-272b2ae4",
"source": "https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602",
"digest": {
"line_hashes": [
"258006950393430341598206445558390697243",
"223245324346843983598874277929133242238",
"46811257327023568725342291935664909467",
"118823272657575215291975157349148577674"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line",
"deprecated": false
},
{
"target": {
"file": "snmplib/parse.c"
},
"id": "CVE-2020-15861-284989d7",
"source": "https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602",
"digest": {
"line_hashes": [
"158512933697539680873049494826664811023",
"32491476551214894676688626481375177197",
"70137202526186634354725563169886466689",
"5842608046102079676927886484797392963",
"140529204713235808394177027893286229492",
"39172634948536669897502844975899042363",
"213275433098533763022001259375068787717",
"249177652949796322444984461098062970398",
"135292701236488654698620339221612159953",
"153004880268381420129446368270116652183",
"36408444320004856021850802751786285169",
"55003524299964907419165426311265968631",
"216508888027184995456451585793040095155",
"18199627237426701927657442044047830623",
"250408406402580560696427568504238934875",
"212347618658083204341553965834321065038",
"286370281994255075258275965195305174420",
"148330288602802279258808301241206165100",
"337731573923766061739971311747628988842",
"310313061424085978472552389318727536242",
"1865301024747981809525596336653974350",
"150065852043199339462018929248479185822",
"331228974393414931987906460935558561437",
"161628386749268161420973307547675260264",
"28632219393095141707898149151708574847",
"247836514931539703430701283283674209036",
"42482847629809766720554338590888310771",
"268863795309628781834012342656198501376",
"40989527261916966812716721271129682727",
"161400566058498699535214771688307959391",
"210494064010269170020135019854440881180",
"26186057142837500718551021584270208352",
"104939329350067107671829490621627646316",
"206974553315651997238917885709104656188",
"54548025319365572035487977263207670291",
"44115886991222207857949601994769973618",
"74446634114968974134893930102327238658",
"183280764967901068938656727202763698203",
"325308309086901068202295813621931562443",
"233492301078432649207096029000120180976",
"146328530312050252729608029898056977131",
"122523256345046031764871291806859628749",
"48400611334331644704150514888702051394",
"144222246886405846624829872612145959723",
"48883379856577036807395428499623031633",
"37986477186843114837444358482119383447",
"328474841723554564502350452113262649275",
"67838216296081224120015188288979386448",
"194761520840014978050860772561952925805",
"256947162569636098762544014906428675047",
"211436156097942778804129755676712596687",
"244287023554933209490610613713922209805",
"228493517092605082537631547235823713536",
"284842611192106714385325098216469231650",
"168569178439268884588712254003887316267",
"317855880376115918089758509218505118599",
"220551355805697101109464968118111069527",
"289784845331688094638823562714809804052",
"314188453092132276099319748727447226798",
"164331305135014412249334963021399507092",
"133312632277358849480658630477315321281",
"44349657042989761565446870786712824239",
"148752340976186499894786787307069273613",
"8962815919675171825625167827538491868",
"151373991542250145975821305958226791722",
"31224390623484860007925198998919542557",
"298728113266379907256032112755999231114",
"43122298052384690072424329564608043116",
"222189781345996120972388980288583605050",
"1524702121779427049380525470957401319",
"142155696015156704897086555025372786733"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line",
"deprecated": false
},
{
"target": {
"file": "snmplib/parse.c",
"function": "add_mibfile"
},
"id": "CVE-2020-15861-4a85f19f",
"source": "https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602",
"digest": {
"length": 620.0,
"function_hash": "112986209661699835997137440702586534201"
},
"signature_version": "v1",
"signature_type": "Function",
"deprecated": false
},
{
"target": {
"file": "snmplib/mib.c",
"function": "netsnmp_mibindex_load"
},
"id": "CVE-2020-15861-5d2c8926",
"source": "https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602",
"digest": {
"length": 1154.0,
"function_hash": "170481824433810834831224908811649127529"
},
"signature_version": "v1",
"signature_type": "Function",
"deprecated": false
},
{
"target": {
"file": "snmplib/mib.c",
"function": "netsnmp_mibindex_new"
},
"id": "CVE-2020-15861-84210969",
"source": "https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602",
"digest": {
"length": 463.0,
"function_hash": "237215025463548406932053674162216185937"
},
"signature_version": "v1",
"signature_type": "Function",
"deprecated": false
},
{
"target": {
"file": "snmplib/mib.c",
"function": "netsnmp_mibindex_lookup"
},
"id": "CVE-2020-15861-b2792b1d",
"source": "https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602",
"digest": {
"length": 475.0,
"function_hash": "307254076294149860615418922272869378490"
},
"signature_version": "v1",
"signature_type": "Function",
"deprecated": false
},
{
"target": {
"file": "snmplib/parse.c",
"function": "add_mibdir"
},
"id": "CVE-2020-15861-b403f116",
"source": "https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602",
"digest": {
"length": 1699.0,
"function_hash": "165382700723976445475101237095193553802"
},
"signature_version": "v1",
"signature_type": "Function",
"deprecated": false
},
{
"target": {
"file": "include/net-snmp/library/mib.h"
},
"id": "CVE-2020-15861-bd274f99",
"source": "https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602",
"digest": {
"line_hashes": [
"279851055321414569382842808087258497000",
"181833821969936643317650856029611411718",
"275871831599369720285877128776141084617",
"228188481720208030384543144792291266447",
"64872837152681095299872043560177138187",
"29929484290399058582926187833199129176"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line",
"deprecated": false
},
{
"target": {
"file": "snmplib/mib.c",
"function": "netsnmp_init_mib"
},
"id": "CVE-2020-15861-c3462cf1",
"source": "https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602",
"digest": {
"length": 3534.0,
"function_hash": "257363585448700372957936713122442586042"
},
"signature_version": "v1",
"signature_type": "Function",
"deprecated": false
},
{
"target": {
"file": "snmplib/mib.c",
"function": "shutdown_mib"
},
"id": "CVE-2020-15861-d2fdf4bd",
"source": "https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602",
"digest": {
"length": 535.0,
"function_hash": "147886039327830622296918830012085282768"
},
"signature_version": "v1",
"signature_type": "Function",
"deprecated": false
},
{
"target": {
"file": "snmplib/mib.c"
},
"id": "CVE-2020-15861-d34be457",
"source": "https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602",
"digest": {
"line_hashes": [
"24646240475115471616800964315071370907",
"269654530702087529437357219022778345626",
"286965316549030242412831885313176177097",
"26808230819877403543416037673883218207",
"311622631763582568781992032173289918868",
"27500052557316724793430359860889664504",
"229163669172430774686581150961549818992",
"214955007102488912394801775700599055883",
"270567709625690281463755904672381940240",
"292601381072927727525697880848160511330",
"185013674327022462715363370400203993535",
"302531855657484780268600000196760701319",
"122249536782445161943353522797895770925",
"265522545891735892288444749723587879835",
"136050074506464804275625719972368442412",
"184539275522532486107898364508255938827",
"323511488972196436190211584405418625156",
"161810577812951999113770298451148383623",
"46630675273551257740812537114076691108",
"255644724727299255541351412828965010873",
"105499509156894332891425562174081019872",
"148843867801027126079565206877578693738",
"2880135087347403832953633603359744954",
"194983240578125028281527747785301211452",
"204086569011810167010019036415322280723",
"338786809583189804553389102898110166590",
"80839387675976817723184316974066143969",
"69653409188317967792020743190710281919",
"168595316369884580705451547797176554472",
"326455217101359328546561410932549364880",
"197631528918571071402397793934389182119",
"250803621559343560091945547004462192597",
"159407117741252817788135227934237927482",
"110602064131662514804838073891151235587",
"217253519803418733872297542973869076977",
"4311761827111529034402192273728089859",
"301324513392750371907332627847213334717",
"277787217338799520365103987739887363518",
"161563483318235823841256020983613131872",
"199733149287968059662780809869442548677",
"110324244040446269002807625288614061313",
"132605672570991112875104175162498162378",
"2739793114881924913961507141965792604",
"320115973365020637934028209343502190991",
"55086986182548073910425659024094422737",
"182478907838955036453950042577416972514",
"201195719727934767088537063930620272319",
"37792802686500148240457581469372367518",
"40352213303734992094450640543884063326",
"223210712693038654819533285211717322142",
"119857948328423420438067085361611959878",
"200911522858986181327311433200642619885",
"79018555393866127105276734669073815907",
"36197132157086079180462682516278985706",
"74602948257279050103936715002108638388",
"83995068373729036858440013628254621180",
"105665491771208815414152609021346506321",
"311534083138724943130606565783016588667",
"208213247613236535587240080910528964138",
"268247644052656230687429258544132236208",
"263630635542926844208012615369292003677",
"69935479035470584165094644674699733378",
"96864726315822250909486283702052559153",
"329333563575095143269919333880119152885",
"114814268349650370913691669102648310846",
"162710956295068121595955700314434942239",
"131709419435096636076925672536673690073",
"262359305137598159900613662813298203872",
"160937479052991875267320777581178374122",
"17487293860162727640576276140562375722",
"37686230328850626401423384339525583821",
"304649594011479918331018725772852966031",
"113835006721281249074956257185633256743",
"296013029022859716080516588144819274462",
"104373284205043019821088340519062566924",
"314433544565770080724285452195718774759",
"206728260273374964356407527225450420789",
"144738966701805793888356710238730446549",
"47322889164019202326010580843166532049",
"225407577683775351570598855052566244596",
"119396409083500988525798148761691351824",
"272852502175051761919859419862700404250",
"3792733923760325797999975417585403532",
"226651965090032898398658650426116338528",
"335250350209778204218709371238406397429",
"7127008552884531576526089299479435976",
"20516555663371176716016861371877696715",
"328177449727136879365375346533663345708",
"163445725883300978004512414636792222282",
"186218995143728518630144265802012057076",
"158826340986896763287432854433255918441",
"273532471173843924532542347592101031234",
"2957167638279831740576141681383901601",
"206517022712468167435509577410780001903",
"254493703027155311396208578705394064923",
"281871421380880443648045382169840257300",
"336396344628123044328142059295402194681",
"136329525402869360614591561500274649009",
"30373448401173432323695149997291053973",
"321443470720831099042817898460182871876",
"193523068163520534866893024726892490999",
"38577917396128475517684672596774234475",
"240885585856387815508364625054360497555",
"322207602705120837612526357542723946951",
"278241018481212470224003552691962689848",
"217162923221619689034324020210012388870",
"244115175658325575402040882176763610066",
"120161770630727643066754033475481804625",
"320035095762742564836457713297760943851",
"64224552263924846736809348660244745000",
"257756027529086684883451650046822075656",
"199864256522233655233665890500178687160",
"332046986212545570613913913668821635090",
"143217145833433259806721546597629587088",
"73718802862739738733868328060860796805",
"237026516574674726768852426503266552203",
"11442659811247398935871165781964771063",
"251610253758206766237377044183457906135",
"149550655754241049260693973062655248037",
"291100489383228519992580295723060472619",
"334766151591140172118653741836670635716",
"284908746276751870676230557139971632609",
"195441250165749561576551672722982575925",
"239307072706037395091672855138000089138",
"39679281498959593754832644387038551433",
"61743712150074539596202249023100795955",
"26832323346331745730346839315416402510",
"172845945342097775794060659809249663674",
"197309061463182479386661623790745142768",
"162777351177480005900893020190441201435",
"153634462566806490702707634302742856206",
"21189261562126720498954779181688666159"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line",
"deprecated": false
}
]
}