CVE-2020-15862
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2020-15862
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-15862.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2020-15862
- Downstream
- Related
- Published
- 2020-08-20T01:17:13Z
- Modified
- 2025-09-16T07:08:35.338319Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Net-SNMP through 5.8 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root.
- References
-
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965166
- https://github.com/net-snmp/net-snmp/commit/77f6c60f57dba0aaea5d8ef1dd94bcd0c8e6d205
- https://salsa.debian.org/debian/net-snmp/-/commit/fad8725402752746daf0a751dcff19eb6aeab52e
- https://security-tracker.debian.org/tracker/CVE-2020-15862
- https://security.gentoo.org/glsa/202008-12
- https://security.netapp.com/advisory/ntap-20200904-0001/
- https://usn.ubuntu.com/4471-1/
Affected packages
Debian:11 / net-snmp
Package
- Name
- net-snmp
- Purl
- pkg:deb/debian/net-snmp?arch=source
Debian:12 / net-snmp
Package
- Name
- net-snmp
- Purl
- pkg:deb/debian/net-snmp?arch=source
Debian:13 / net-snmp
Package
- Name
- net-snmp
- Purl
- pkg:deb/debian/net-snmp?arch=source
Debian:14 / net-snmp
Package
- Name
- net-snmp
- Purl
- pkg:deb/debian/net-snmp?arch=source
Git / github.com/net-snmp/net-snmp
Affected ranges
- Type
- GIT
- Repo
- https://github.com/net-snmp/net-snmp
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v3.*
v3.0
v3.0.1
v3.0.2
v3.0.2.1
v3.0.3
v3.0.4
v3.0.5
v3.0.6
v3.0.7
v3.0.7.1
v3.0.7.2
v3.1
v3.1.0.1
v3.1.1
v3.1.2
v3.1.2.1
v3.1.3
v3.2
v3.3
v3.4
v3.5
v3.6
v3.6.1
v4.*
v4.0
v4.0.1
v4.1
v4.1.1
v4.2
v5.*
v5.0
v5.0.1
v5.0.10
v5.0.10.2
v5.0.11
v5.0.11.1
v5.0.2
v5.0.3
v5.0.4
v5.0.5
v5.0.6
v5.0.7
v5.0.8
v5.0.9
v5.1
v5.1.1
v5.1.2
v5.1.3
v5.1.4
v5.1.4.1
v5.2
v5.2.1
v5.2.2
v5.2.3
v5.2.4
v5.2.4.pre1
v5.2.4.pre2
v5.2.4.pre3
v5.2.4.rc1
v5.2.4.rc2
v5.2.5
v5.2.5.pre1
v5.2.5.pre2
v5.2.5.rc1
v5.2.5.rc2
v5.2.6
v5.2.6.pre1
v5.2.6.pre2
v5.2.6.rc1
v5.2.6.rc2
v5.2.6.rc3
v5.3
v5.3.1
v5.3.2
v5.3.2.pre1
v5.3.2.rc1
v5.3.3
v5.3.3.pre1
v5.3.3.rc1
v5.3.3.rc2
v5.3.4
v5.3.4.pre1
v5.3.4.pre2
v5.3.4.rc1
v5.4
v5.4.1
v5.4.1.pre1
v5.4.1.pre2
v5.4.1.pre3
v5.4.1.rc1
v5.4.1.rc2
v5.4.1.rc3
v5.4.1.rc4
v5.4.2
v5.4.2.pre1
v5.4.2.pre2
v5.4.2.rc1
v5.4.2.rc2
v5.4.2.rc3
v5.4.3
v5.4.3.pre1
v5.4.3.pre2
v5.4.3.rc1
v5.4.3.rc2
v5.4.3.rc3
v5.4.4
v5.4.4.pre1
v5.4.4.pre2
v5.4.4.rc1
v5.4.5.pre1
v5.4.5.pre2
v5.5
v5.5.1
v5.5.1.rc2
v5.5.2
v5.5.2.pre1
v5.5.2.rc1
v5.5.2.rc2
v5.5.2.rc3
v5.5.pre1
v5.5.pre2
v5.5.pre3
v5.5.rc1
v5.5.rc2
v5.5.rc3
v5.6
v5.6.1
v5.6.1.pre1
v5.6.1.pre2
v5.6.1.rc1
v5.6.1.rc2
v5.6.2
v5.6.2.pre1
v5.6.2.pre2
v5.6.2.rc1
v5.6.2.rc2
v5.6.2.rc3
v5.6.pre1
v5.6.pre2
v5.6.pre3
v5.6.rc1
v5.6.rc2
v5.6.rc3
v5.7
v5.7.1
v5.7.1.pre1
v5.7.1.pre2
v5.7.1.rc1
v5.7.1.rc2
v5.7.1.rc3
v5.7.2
v5.7.2.pre1
v5.7.2.pre2
v5.7.2.pre3
v5.7.2.rc1
v5.7.2.rc2
v5.7.2.rc3
v5.7.3
v5.7.3.pre1
v5.7.3.pre2
v5.7.3.pre3
v5.7.3.pre4
v5.7.3.pre5
v5.7.3.rc1
v5.7.3.rc2
v5.7.3.rc3
v5.7.pre1
v5.7.pre2
v5.7.rc1
v5.7.rc2
v5.7.rc3
v5.8
v5.8.1.pre1
v5.8.1.pre2
v5.8.pre1
v5.8.pre2
v5.8.pre3
v5.8.rc1
v5.8.rc2
v5.8.rc3
v5.8.rc4
Database specific
{
"vanir_signatures": [
{
"signature_type": "Function",
"deprecated": false,
"id": "CVE-2020-15862-04e19943",
"signature_version": "v1",
"target": {
"function": "handle_nsExtendConfigTable",
"file": "agent/mibgroup/agent/extend.c"
},
"source": "https://github.com/net-snmp/net-snmp/commit/77f6c60f57dba0aaea5d8ef1dd94bcd0c8e6d205",
"digest": {
"function_hash": "168126842589556839519669983730365362130",
"length": 9271.0
}
},
{
"signature_type": "Function",
"deprecated": false,
"id": "CVE-2020-15862-47f67391",
"signature_version": "v1",
"target": {
"function": "fixExec2Error",
"file": "agent/mibgroup/agent/extend.c"
},
"source": "https://github.com/net-snmp/net-snmp/commit/77f6c60f57dba0aaea5d8ef1dd94bcd0c8e6d205",
"digest": {
"function_hash": "324934863496545396025090335580678431555",
"length": 821.0
}
},
{
"signature_type": "Line",
"deprecated": false,
"id": "CVE-2020-15862-5385aeff",
"signature_version": "v1",
"target": {
"file": "agent/mibgroup/agent/extend.c"
},
"source": "https://github.com/net-snmp/net-snmp/commit/77f6c60f57dba0aaea5d8ef1dd94bcd0c8e6d205",
"digest": {
"line_hashes": [
"160382126734202674681144535403338919409",
"292824773818941776052985057530600565348",
"117093767884005896506214374923466371893",
"153887981556162111395467978566793611856",
"304548919929739460042427222392484181457",
"252983075219966496628509281461955283348",
"158242383511248042541185602283552251988",
"98122535300492461348015372959760569968",
"84141191864820422749253422037217897627",
"280175792542161621203133292429721249072",
"121001552494923370436879991271021038415",
"3598910393246450005704482474149929215",
"319352373915069118550616144745180834572",
"290887612190499742534011183377797667151",
"280553204632066801854360105056994083320",
"30350696284143358276391654732140777753",
"124520032205378816472060548262952644942",
"302478858594664857332311134752383174524",
"234635746856935271453069637068018831103",
"111656735251291391883623057449194990850",
"108127288387902992133428563749627954087",
"120781652379473419448725747206302201239",
"275293827951289342513748652240830857287",
"123147406844998894071053026392993388614",
"55432564476577231908975284108535574993",
"302478858594664857332311134752383174524",
"84824618504714555464659388230927545211"
],
"threshold": 0.9
}
}
]
}