#VU2215 Remote code execution in Net-snmp - CVE-2015-5621

Cybersecurity Help s.r.o.

Published: 2016-12-21 | Updated: 2018-03-28

Vulnerability identifier: #VU2215

Vulnerability risk: High

CVSSv4.0: 6.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2015-5621

CWE-ID: CWE-264

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Net-snmp
Server applications / Remote management servers, RDP, SSH

Vendor: net-snmp.sourceforge.net

Description
The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.

The weakness exists due to the snmp_pdu_parse function in snmp_api.c does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails. A remote attacker can supply specially crafted input and cause denial of service or execute arbitrary code with elevated privileges.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Net-snmp: 5.7.2

External links
https://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Siemens Industrial Products

Debian update for net-snmp

Amazon Linux AMI update for net-snmp

Red Hat update for net-snmp

Remote code execution in net-snmp (Alpine package)

Remote code execution in linux-firmware (Alpine package)