{"id":"CVE-2020-15862","details":"Net-SNMP through 5.8 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root.","modified":"2026-05-30T13:45:38.205923Z","published":"2020-08-20T01:17:13.897Z","related":["SUSE-SU-2021:4191-1","SUSE-SU-2022:0030-1","SUSE-SU-2022:0050-1","SUSE-SU-2022:0050-2","openSUSE-SU-2022:0050-1"],"database_specific":{"unresolved_ranges":[{"extracted_events":[{"last_affected":"12.04"},{"last_affected":"14.04"},{"last_affected":"16.04"},{"last_affected":"18.04"},{"last_affected":"20.04"}],"cpes":["cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*"],"source":"CPE_STRING","vendor_product":"canonical:ubuntu_linux"}]},"references":[{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2020-15862"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202008-12"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20200904-0001/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4471-1/"},{"type":"REPORT","url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965166"},{"type":"FIX","url":"https://github.com/net-snmp/net-snmp/commit/77f6c60f57dba0aaea5d8ef1dd94bcd0c8e6d205"},{"type":"FIX","url":"https://salsa.debian.org/debian/net-snmp/-/commit/fad8725402752746daf0a751dcff19eb6aeab52e"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/net-snmp/net-snmp","events":[{"introduced":"0"},{"fixed":"ee7ef662f83ef70b38ea112ca33ec5a3f7a4aa43"},{"fixed":"77f6c60f57dba0aaea5d8ef1dd94bcd0c8e6d205"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"5.8.1"}],"cpe":"cpe:2.3:a:net-snmp:net-snmp:*:*:*:*:*:*:*:*","source":["CPE_RANGE","REFERENCES"]}}],"versions":["v5.8.1.pre2","v5.8.1.pre1","v5.8","v5.8.rc4","v5.8.rc3","v5.8.rc2","v5.8.rc1","v5.8.pre3","v5.8.pre2","v5.8.pre1","v5.7","v5.7.rc3","v5.7.rc2","v5.7.rc1","v5.7.pre2","v5.7.pre1","v5.6","v5.6.rc3","v5.6.rc2","v5.6.rc1","v5.6.pre3","v5.6.pre2","v5.6.pre1","v5.5","v5.5.rc3","v5.5.rc2","v5.5.rc1","v5.5.pre3","v5.5.pre2","v5.5.pre1","v5.1.4.1","v5.0.11.1","v5.4","v5.3","v5.2","v5.1","v5.0.7","v5.0.6","v5.0.5","v5.0.4","v5.0.3","v5.0.2","v5.0.1","v5.0","v4.2","v4.1.1","v4.1","v4.0.1","v4.0","v3.6.1","v3.6","v3.5","v3.4","v3.3","v3.2","v3.1.3","v3.1.2.1","v3.1.2","v3.1.1","v3.1.0.1","v3.1","v3.0.7.2","v3.0.7.1","v3.0.7","v3.0.6","v3.0.5","v3.0.4","v3.0.3","v3.0.2.1","v3.0.2","v3.0.1","v3.0"],"database_specific":{"vanir_signatures":[{"signature_type":"Function","digest":{"function_hash":"168126842589556839519669983730365362130","length":9271},"signature_version":"v1","id":"CVE-2020-15862-04e19943","source":"https://github.com/net-snmp/net-snmp/commit/77f6c60f57dba0aaea5d8ef1dd94bcd0c8e6d205","deprecated":false,"target":{"function":"handle_nsExtendConfigTable","file":"agent/mibgroup/agent/extend.c"}},{"signature_type":"Function","digest":{"function_hash":"324934863496545396025090335580678431555","length":821},"signature_version":"v1","id":"CVE-2020-15862-47f67391","source":"https://github.com/net-snmp/net-snmp/commit/77f6c60f57dba0aaea5d8ef1dd94bcd0c8e6d205","deprecated":false,"target":{"function":"fixExec2Error","file":"agent/mibgroup/agent/extend.c"}},{"signature_type":"Line","digest":{"line_hashes":["160382126734202674681144535403338919409","292824773818941776052985057530600565348","117093767884005896506214374923466371893","153887981556162111395467978566793611856","304548919929739460042427222392484181457","252983075219966496628509281461955283348","158242383511248042541185602283552251988","98122535300492461348015372959760569968","84141191864820422749253422037217897627","280175792542161621203133292429721249072","121001552494923370436879991271021038415","3598910393246450005704482474149929215","319352373915069118550616144745180834572","290887612190499742534011183377797667151","280553204632066801854360105056994083320","30350696284143358276391654732140777753","124520032205378816472060548262952644942","302478858594664857332311134752383174524","234635746856935271453069637068018831103","111656735251291391883623057449194990850","108127288387902992133428563749627954087","120781652379473419448725747206302201239","275293827951289342513748652240830857287","123147406844998894071053026392993388614","55432564476577231908975284108535574993","302478858594664857332311134752383174524","84824618504714555464659388230927545211"],"threshold":0.9},"signature_version":"v1","id":"CVE-2020-15862-5385aeff","source":"https://github.com/net-snmp/net-snmp/commit/77f6c60f57dba0aaea5d8ef1dd94bcd0c8e6d205","deprecated":false,"target":{"file":"agent/mibgroup/agent/extend.c"}}],"vanir_signatures_modified":"2026-05-30T13:45:38Z","source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-15862.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}