CVE-2022-24810

{"id": "CVE-2022-24810", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-04-16T20:15:09.227", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103225", "tags": ["Issue Tracking"], "source": "security-advisories@github.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105241", "tags": ["Issue Tracking"], "source": "security-advisories@github.com"}, {"url": "https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775", "tags": ["Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/", "tags": ["Mailing List", "Product"], "source": "security-advisories@github.com"}, {"url": "https://security.gentoo.org/glsa/202210-29", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://www.debian.org/security/2022/dsa-5209", "tags": ["Mailing List", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103225", "tags": ["Issue Tracking"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105241", "tags": ["Issue Tracking"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775", "tags": ["Release Notes"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00020.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX75KKGMO5XMV6JMQZF6KOG3JPFNQBY7/", "tags": ["Mailing List", "Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.gentoo.org/glsa/202210-29", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.debian.org/security/2022/dsa-5209", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-476"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a SET to the nsVacmAccessTable to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.\n"}, {"lang": "es", "value": "net-snmp proporciona varias herramientas relacionadas con el protocolo simple de administraci\u00f3n de red. Antes de la versi\u00f3n 5.9.2, un usuario con credenciales de lectura y escritura pod\u00eda utilizar un OID con formato incorrecto en un SET de nsVacmAccessTable para provocar una desreferencia del puntero NULL. La versi\u00f3n 5.9.2 contiene un parche. Los usuarios deben utilizar credenciales SNMPv3 seguras y evitar compartirlas. Aquellos que deben utilizar SNMPv1 o SNMPv2c deben utilizar una cadena de comunidad compleja y mejorar la protecci\u00f3n restringiendo el acceso a un rango de direcciones IP determinado."}], "lastModified": "2025-02-11T21:56:27.290", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:net-snmp:net-snmp:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79AD3D1F-9090-4939-8C82-E676C8C0FBC7", "versionEndExcluding": "5.9.2"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}