Vulnerability Description
Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following.
CVSS Score
7.8
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Net-Snmp | Net-Snmp | <= 5.7.3 |
| Canonical | Ubuntu Linux | 12.04 |
| Netapp | Cloud Backup | - |
| Netapp | Smi-S Provider | - |
| Netapp | Solidfire \& Hci Management Node | - |
Related Weaknesses (CWE)
References
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966599Issue TrackingThird Party Advisory
- https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41PatchThird Party Advisory
- https://github.com/net-snmp/net-snmp/issues/145Third Party Advisory
- https://security.gentoo.org/glsa/202008-12Third Party Advisory
- https://security.netapp.com/advisory/ntap-20200904-0001/Third Party Advisory
- https://usn.ubuntu.com/4471-1/Third Party Advisory
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966599Issue TrackingThird Party Advisory
- https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41PatchThird Party Advisory
- https://github.com/net-snmp/net-snmp/issues/145Third Party Advisory
- https://security.gentoo.org/glsa/202008-12Third Party Advisory
- https://security.netapp.com/advisory/ntap-20200904-0001/Third Party Advisory
- https://usn.ubuntu.com/4471-1/Third Party Advisory
FAQ
What is CVE-2020-15861?
CVE-2020-15861 is a vulnerability with a CVSS score of 7.8 (HIGH). Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following.
How severe is CVE-2020-15861?
CVE-2020-15861 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-15861?
Check the references section above for vendor advisories and patch information. Affected products include: Net-Snmp Net-Snmp, Canonical Ubuntu Linux, Netapp Cloud Backup, Netapp Smi-S Provider, Netapp Solidfire \& Hci Management Node.