CVE-2020-15862
- Source
- https://cve.org/CVERecord?id=CVE-2020-15862
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-15862.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2020-15862
- Downstream
- Related
- Published
- 2020-08-20T01:17:13.897Z
- Modified
- 2026-03-19T12:40:19.019271Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Net-SNMP through 5.8 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root.
- References
-
- https://security-tracker.debian.org/tracker/CVE-2020-15862
- https://security.gentoo.org/glsa/202008-12
- https://security.netapp.com/advisory/ntap-20200904-0001/
- https://usn.ubuntu.com/4471-1/
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965166
- https://github.com/net-snmp/net-snmp/commit/77f6c60f57dba0aaea5d8ef1dd94bcd0c8e6d205
- https://salsa.debian.org/debian/net-snmp/-/commit/fad8725402752746daf0a751dcff19eb6aeab52e
Affected packages
Git / github.com/net-snmp/net-snmp
Affected versions
v3.*
v3.0
v3.0.1
v3.0.2
v3.0.2.1
v3.0.3
v3.0.4
v3.0.5
v3.0.6
v3.0.7
v3.0.7.1
v3.0.7.2
v3.1
v3.1.0.1
v3.1.1
v3.1.2
v3.1.2.1
v3.1.3
v3.2
v3.3
v3.4
v3.5
v3.6
v3.6.1
v4.*
v4.0
v4.0.1
v4.1
v4.1.1
v4.2
v5.*
v5.0
v5.0.1
v5.0.10
v5.0.10.2
v5.0.11
v5.0.11.1
v5.0.2
v5.0.3
v5.0.4
v5.0.5
v5.0.6
v5.0.7
v5.0.8
v5.0.9
v5.1
v5.1.1
v5.1.2
v5.1.3
v5.1.4
v5.1.4.1
v5.2
v5.2.1
v5.2.2
v5.2.3
v5.2.4
v5.2.4.pre1
v5.2.4.pre2
v5.2.4.pre3
v5.2.4.rc1
v5.2.4.rc2
v5.2.5
v5.2.5.pre1
v5.2.5.pre2
v5.2.5.rc1
v5.2.5.rc2
v5.2.6
v5.2.6.pre1
v5.2.6.pre2
v5.2.6.rc1
v5.2.6.rc2
v5.2.6.rc3
v5.3
v5.3.1
v5.3.2
v5.3.2.pre1
v5.3.2.rc1
v5.3.3
v5.3.3.pre1
v5.3.3.rc1
v5.3.3.rc2
v5.3.4
v5.3.4.pre1
v5.3.4.pre2
v5.3.4.rc1
v5.4
v5.4.1
v5.4.1.pre1
v5.4.1.pre2
v5.4.1.pre3
v5.4.1.rc1
v5.4.1.rc2
v5.4.1.rc3
v5.4.1.rc4
v5.4.2
v5.4.2.pre1
v5.4.2.pre2
v5.4.2.rc1
v5.4.2.rc2
v5.4.2.rc3
v5.4.3
v5.4.3.pre1
v5.4.3.pre2
v5.4.3.rc1
v5.4.3.rc2
v5.4.3.rc3
v5.4.4
v5.4.4.pre1
v5.4.4.pre2
v5.4.4.rc1
v5.4.5.pre1
v5.4.5.pre2
v5.5
v5.5.1
v5.5.1.rc2
v5.5.2
v5.5.2.pre1
v5.5.2.rc1
v5.5.2.rc2
v5.5.2.rc3
v5.5.pre1
v5.5.pre2
v5.5.pre3
v5.5.rc1
v5.5.rc2
v5.5.rc3
v5.6
v5.6.1
v5.6.1.pre1
v5.6.1.pre2
v5.6.1.rc1
v5.6.1.rc2
v5.6.2
v5.6.2.pre1
v5.6.2.pre2
v5.6.2.rc1
v5.6.2.rc2
v5.6.2.rc3
v5.6.pre1
v5.6.pre2
v5.6.pre3
v5.6.rc1
v5.6.rc2
v5.6.rc3
v5.7
v5.7.1
v5.7.1.pre1
v5.7.1.pre2
v5.7.1.rc1
v5.7.1.rc2
v5.7.1.rc3
v5.7.2
v5.7.2.pre1
v5.7.2.pre2
v5.7.2.pre3
v5.7.2.rc1
v5.7.2.rc2
v5.7.2.rc3
v5.7.3
v5.7.3.pre1
v5.7.3.pre2
v5.7.3.pre3
v5.7.3.pre4
v5.7.3.pre5
v5.7.3.rc1
v5.7.3.rc2
v5.7.3.rc3
v5.7.pre1
v5.7.pre2
v5.7.rc1
v5.7.rc2
v5.7.rc3
Database specific
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "12.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "14.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "16.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "18.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "20.04"
}
]
}
]
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-15862.json"
vanir_signatures
[
{
"id": "CVE-2020-15862-04e19943",
"deprecated": false,
"digest": {
"length": 9271.0,
"function_hash": "168126842589556839519669983730365362130"
},
"source": "https://github.com/net-snmp/net-snmp/commit/77f6c60f57dba0aaea5d8ef1dd94bcd0c8e6d205",
"target": {
"function": "handle_nsExtendConfigTable",
"file": "agent/mibgroup/agent/extend.c"
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"id": "CVE-2020-15862-47f67391",
"deprecated": false,
"digest": {
"length": 821.0,
"function_hash": "324934863496545396025090335580678431555"
},
"source": "https://github.com/net-snmp/net-snmp/commit/77f6c60f57dba0aaea5d8ef1dd94bcd0c8e6d205",
"target": {
"function": "fixExec2Error",
"file": "agent/mibgroup/agent/extend.c"
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"id": "CVE-2020-15862-5385aeff",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"160382126734202674681144535403338919409",
"292824773818941776052985057530600565348",
"117093767884005896506214374923466371893",
"153887981556162111395467978566793611856",
"304548919929739460042427222392484181457",
"252983075219966496628509281461955283348",
"158242383511248042541185602283552251988",
"98122535300492461348015372959760569968",
"84141191864820422749253422037217897627",
"280175792542161621203133292429721249072",
"121001552494923370436879991271021038415",
"3598910393246450005704482474149929215",
"319352373915069118550616144745180834572",
"290887612190499742534011183377797667151",
"280553204632066801854360105056994083320",
"30350696284143358276391654732140777753",
"124520032205378816472060548262952644942",
"302478858594664857332311134752383174524",
"234635746856935271453069637068018831103",
"111656735251291391883623057449194990850",
"108127288387902992133428563749627954087",
"120781652379473419448725747206302201239",
"275293827951289342513748652240830857287",
"123147406844998894071053026392993388614",
"55432564476577231908975284108535574993",
"302478858594664857332311134752383174524",
"84824618504714555464659388230927545211"
]
},
"source": "https://github.com/net-snmp/net-snmp/commit/77f6c60f57dba0aaea5d8ef1dd94bcd0c8e6d205",
"target": {
"file": "agent/mibgroup/agent/extend.c"
},
"signature_type": "Line",
"signature_version": "v1"
}
]