CVE-2022-24808

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-24808
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a `SET` request to `NET-SNMP-AGENT-MIB::nsLogTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=2103225
https://bugzilla.redhat.com/show_bug.cgi?id=2105240
https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937
https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775
https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/
https://security.gentoo.org/glsa/202210-29
https://www.debian.org/security/2022/dsa-5209
https://bugzilla.redhat.com/show_bug.cgi?id=2103225
https://bugzilla.redhat.com/show_bug.cgi?id=2105240
https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937
https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775
https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/
https://security.gentoo.org/glsa/202210-29
https://www.debian.org/security/2022/dsa-5209
Configurations

No configuration.

History

21 Nov 2024, 06:51

Type Values Removed Values Added
References () https://bugzilla.redhat.com/show_bug.cgi?id=2103225 - () https://bugzilla.redhat.com/show_bug.cgi?id=2103225 -
References () https://bugzilla.redhat.com/show_bug.cgi?id=2105240 - () https://bugzilla.redhat.com/show_bug.cgi?id=2105240 -
References () https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 - () https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 -
References () https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775 - () https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775 -
References () https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html - () https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html -
References () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/ -
References () https://security.gentoo.org/glsa/202210-29 - () https://security.gentoo.org/glsa/202210-29 -
References () https://www.debian.org/security/2022/dsa-5209 - () https://www.debian.org/security/2022/dsa-5209 -

17 Apr 2024, 12:48

Type Values Removed Values Added
Summary
  • (es) net-snmp proporciona varias herramientas relacionadas con el protocolo simple de administración de red. Antes de la versión 5.9.2, un usuario con credenciales de lectura y escritura podía utilizar un OID con formato incorrecto en una solicitud `SET` a `NET-SNMP-AGENT-MIB::nsLogTable` para provocar una desreferencia del puntero NULL. La versión 5.9.2 contiene un parche. Los usuarios deben utilizar credenciales SNMPv3 seguras y evitar compartirlas. Aquellos que deben utilizar SNMPv1 o SNMPv2c deben utilizar una cadena de comunidad compleja y mejorar la protección restringiendo el acceso a un rango de direcciones IP determinado.

16 Apr 2024, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-04-16 20:15

Updated : 2024-11-21 06:51

NVD link : CVE-2022-24808

Mitre link : CVE-2022-24808

CVE.ORG link : CVE-2022-24808

JSON object : View

Products Affected

No product.

CWE
CWE-476

NULL Pointer Dereference


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024