CVE-2015-8100 — Sensitive Information Exposure in Net-snmp

CWE-200 — Sensitive Information Exposure5 documents5 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 66.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Net-snmp Debian Net-snmp Msrc CBL Mariner 1.0 ARM +1 more

Timeline

PublishedNov 10

Latest updateMay 17

Description

The net-snmp package in OpenBSD through 5.8 uses 0644 permissions for snmpd.conf, which allows local users to obtain sensitive community information by reading this file.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages5 packages

▶Alpinenet-snmp/net-snmp< 5.9.3-r1+9

▶NVDnet-snmp/net-snmp5.8

▶debiandebian/net-snmp

▶msrcmsrc/cbl_mariner_1.0_arm

▶msrcmsrc/cbl_mariner_1.0_x64

🔴Vulnerability Details

GHSA

GHSA-88wg-39x8-pwf8: The net-snmp package in OpenBSD through 5↗2022-05-17

▶

OSV

CVE-2015-8100: The net-snmp package in OpenBSD through 5↗2015-11-10

▶

📋Vendor Advisories

Microsoft

CVE-2015-8100: NIST NVD Details: https://nvd↗2020-08-11

▶

Debian

CVE-2015-8100: net-snmp - The net-snmp package in OpenBSD through 5.8 uses 0644 permissions for snmpd.conf...↗2015

▶