CVE-2022-44792
published 2022-11-07

CVE-2022-44792: handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker…

Priority: P346 · medium · 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS: 52.05% (98.8th percentile)

handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.

Affected

11 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | | |
| debian | net-snmp | < net-snmp 5.9.3+dfsg-2 (bookworm) | net-snmp 5.9.3+dfsg-2 (bookworm) |
| msrc | azl3_net-snmp_5.9.4-1_on_azure_linux_3.0 | | |
| msrc | cbl2_net-snmp_5.9.4-1_on_cbl_mariner_2.0 | | |
| msrc | cm1_net-snmp_5.9-4_on_cbl_mariner_1.0 | | |
| net-snmp | net-snmp | >= 0 < 5.9+dfsg-4+deb11u2 | 5.9+dfsg-4+deb11u2 |
| net-snmp | net-snmp | >= 0 < 5.9.3+dfsg-2 | 5.9.3+dfsg-2 |
| net-snmp | net-snmp | >= 0 < 5.9.3+dfsg-2 | 5.9.3+dfsg-2 |
| net-snmp | net-snmp | >= 0 < 5.9.3+dfsg-2 | 5.9.3+dfsg-2 |
| net-snmp | net-snmp | 5.8 – 5.9.3 | |
| paloalto | pan-os | | |

Detection & IOCs

  • The vulnerability is triggered via a crafted UDP packet sent to a Net-SNMP agent with write access; monitor for unexpected SNMP SET requests targeting ipDefaultTTL (OID in ip-mib) that may cause agent crashes.
  • Focus detection on SNMP write-access attempts (SNMP SET operations) over UDP from remote/untrusted sources targeting Net-SNMP instances running versions 5.8 through 5.9.3.
  • Only Net-SNMP versions 5.8 through 5.9.3 are affected; Red Hat Enterprise Linux 6 and 7 ship versions that are NOT affected.
  • The attacker must already have SNMP write access to exploit this vulnerability; deployments that restrict SNMP community strings or use SNMPv3 with strong authentication reduce exposure.
  • Debian fixed the issue in specific package versions per release: bookworm/forky/sid/trixie fixed in 5.9.3+dfsg-2; bullseye fixed in 5.9+dfsg-4+deb11u2.

CVSS provenance

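| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| osv | | 6.5 | MEDIUM | |
| vendor_debian | | 6.5 | MEDIUM | |
| vendor_msrc | | 6.5 | MEDIUM | |
| vendor_redhat | | 6.5 | MEDIUM | |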