{"id":"CVE-2020-15862","details":"Net-SNMP through 5.8 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root.","modified":"2026-04-11T21:20:01.713283Z","published":"2020-08-20T01:17:13.897Z","related":["SUSE-SU-2021:4191-1","SUSE-SU-2022:0030-1","SUSE-SU-2022:0050-1","SUSE-SU-2022:0050-2","openSUSE-SU-2022:0050-1"],"references":[{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2020-15862"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202008-12"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20200904-0001/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4471-1/"},{"type":"REPORT","url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965166"},{"type":"FIX","url":"https://salsa.debian.org/debian/net-snmp/-/commit/fad8725402752746daf0a751dcff19eb6aeab52e"},{"type":"FIX","url":"https://github.com/net-snmp/net-snmp/commit/77f6c60f57dba0aaea5d8ef1dd94bcd0c8e6d205"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/net-snmp/net-snmp","events":[{"introduced":"0"},{"fixed":"ee7ef662f83ef70b38ea112ca33ec5a3f7a4aa43"},{"fixed":"77f6c60f57dba0aaea5d8ef1dd94bcd0c8e6d205"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"5.8.1"}]}}],"versions":["v3.0","v3.0.1","v3.0.2","v3.0.2.1","v3.0.3","v3.0.4","v3.0.5","v3.0.6","v3.0.7","v3.0.7.1","v3.0.7.2","v3.1","v3.1.0.1","v3.1.1","v3.1.2","v3.1.2.1","v3.1.3","v3.2","v3.3","v3.4","v3.5","v3.6","v3.6.1","v4.0","v4.0.1","v4.1","v4.1.1","v4.2","v5.0","v5.0.1","v5.0.11.1","v5.0.2","v5.0.3","v5.0.4","v5.0.5","v5.0.6","v5.0.7","v5.1","v5.1.4.1","v5.2","v5.3","v5.4","v5.5","v5.5.pre1","v5.5.pre2","v5.5.pre3","v5.5.rc1","v5.5.rc2","v5.5.rc3","v5.6","v5.6.pre1","v5.6.pre2","v5.6.pre3","v5.6.rc1","v5.6.rc2","v5.6.rc3","v5.7","v5.7.pre1","v5.7.pre2","v5.7.rc1","v5.7.rc2","v5.7.rc3","v5.8","v5.8.1.pre1","v5.8.1.pre2","v5.8.pre1","v5.8.pre2","v5.8.pre3","v5.8.rc1","v5.8.rc2","v5.8.rc3","v5.8.rc4"],"database_specific":{"vanir_signatures_modified":"2026-04-11T21:20:01Z","vanir_signatures":[{"digest":{"length":9271,"function_hash":"168126842589556839519669983730365362130"},"signature_version":"v1","id":"CVE-2020-15862-04e19943","deprecated":false,"source":"https://github.com/net-snmp/net-snmp/commit/77f6c60f57dba0aaea5d8ef1dd94bcd0c8e6d205","signature_type":"Function","target":{"file":"agent/mibgroup/agent/extend.c","function":"handle_nsExtendConfigTable"}},{"digest":{"length":821,"function_hash":"324934863496545396025090335580678431555"},"signature_version":"v1","id":"CVE-2020-15862-47f67391","deprecated":false,"source":"https://github.com/net-snmp/net-snmp/commit/77f6c60f57dba0aaea5d8ef1dd94bcd0c8e6d205","signature_type":"Function","target":{"file":"agent/mibgroup/agent/extend.c","function":"fixExec2Error"}},{"digest":{"line_hashes":["160382126734202674681144535403338919409","292824773818941776052985057530600565348","117093767884005896506214374923466371893","153887981556162111395467978566793611856","304548919929739460042427222392484181457","252983075219966496628509281461955283348","158242383511248042541185602283552251988","98122535300492461348015372959760569968","84141191864820422749253422037217897627","280175792542161621203133292429721249072","121001552494923370436879991271021038415","3598910393246450005704482474149929215","319352373915069118550616144745180834572","290887612190499742534011183377797667151","280553204632066801854360105056994083320","30350696284143358276391654732140777753","124520032205378816472060548262952644942","302478858594664857332311134752383174524","234635746856935271453069637068018831103","111656735251291391883623057449194990850","108127288387902992133428563749627954087","120781652379473419448725747206302201239","275293827951289342513748652240830857287","123147406844998894071053026392993388614","55432564476577231908975284108535574993","302478858594664857332311134752383174524","84824618504714555464659388230927545211"],"threshold":0.9},"signature_version":"v1","id":"CVE-2020-15862-5385aeff","deprecated":false,"source":"https://github.com/net-snmp/net-snmp/commit/77f6c60f57dba0aaea5d8ef1dd94bcd0c8e6d205","signature_type":"Line","target":{"file":"agent/mibgroup/agent/extend.c"}}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15862.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"12.04"}]},{"events":[{"introduced":"0"},{"last_affected":"14.04"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"20.04"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}