| CVE-2022-24805 | Date: (C)2022-08-16 (M)2024-05-15 |
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a buffer overflow in the handling of the `INDEX` of `NET-SNMP-VACM-MIB` can cause an out-of-bounds memory access. A user with read-only credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.
CVSS Score and Metrics +CVSS Score and Metrics -| CVSS V3 Severity: | CVSS V2 Severity: |
| CVSS Score : 6.5 | CVSS Score : |
| Exploit Score: | Exploit Score: |
| Impact Score: | Impact Score: |
| |
| CVSS V3 Metrics: | CVSS V2 Metrics: |
| Attack Vector: | Access Vector: |
| Attack Complexity: | Access Complexity: |
| Privileges Required: | Authentication: |
| User Interaction: | Confidentiality: |
| Scope: | Integrity: |
| Confidentiality: | Availability: |
| Integrity: | |
| Availability: | |
| | |
