A flaw was found in Net-SNMP through version 5.73, where an Improper Privilege Management issue occurs due to SNMP WRITE access to the EXTEND MIB allows running arbitrary commands as root. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | net-snmp | 2021-01-12 22:51 | ALAS-2021-1465 |
Amazon Linux 2 - Core | net-snmp | 2021-01-05 23:34 | ALAS2-2021-1582 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv3 | 8.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
NVD | CVSSv2 | 7.2 | AV:L/AC:L/Au:N/C:C/I:C/A:C |
NVD | CVSSv3 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |