CVE-2020-6059

{"id": "CVE-2020-6059", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 4.2, "exploitabilityScore": 3.9}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 4.2, "exploitabilityScore": 3.9}]}, "published": "2020-02-04T20:15:12.917", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0976", "tags": ["Broken Link", "Third Party Advisory"], "source": "talos-cna@cisco.com"}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-0976", "tags": ["Exploit", "Third Party Advisory"], "source": "talos-cna@cisco.com"}, {"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0976", "tags": ["Broken Link", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-0976", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "An exploitable out of bounds read vulnerability exists in the way MiniSNMPD version 1.4 parses incoming SNMP packets. A specially crafted SNMP request can trigger an out of bounds memory read which can result in sensitive information disclosure and Denial Of Service. In order to trigger this vulnerability, an attacker needs to send a specially crafted packet to the vulnerable server."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de lectura fuera de l\u00edmites explotable en la manera en que MiniSNMPD versi\u00f3n 1.4 analiza los paquetes SNMP entrantes. Una petici\u00f3n SNMP especialmente dise\u00f1ada puede desencadenar una lectura de memoria fuera de l\u00edmites que puede resultar en una divulgaci\u00f3n de informaci\u00f3n confidencial y una Denegaci\u00f3n de Servicio. A fin de desencadenar esta vulnerabilidad, un atacante necesita enviar un paquete especialmente dise\u00f1ado hacia el servidor vulnerable."}], "lastModified": "2024-11-21T05:35:00.440", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:minisnmpd_project:minisnmpd:1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4FEA7058-A147-44F4-BEE8-ABFB773F4456"}], "operator": "OR"}]}], "sourceIdentifier": "talos-cna@cisco.com"}