Vulnerability Details CVE-2018-18066
snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.5%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://dumpco.re/blog/net-snmp-5.7.3-remote-dos
- https://security.netapp.com/advisory/ntap-20181107-0001/
- https://sourceforge.net/p/net-snmp/code/ci/7ffb8e25a0db851953155de91f0170e9bf8c457d/
- https://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- https://dumpco.re/blog/net-snmp-5.7.3-remote-dos
- https://security.netapp.com/advisory/ntap-20181107-0001/
- https://sourceforge.net/p/net-snmp/code/ci/7ffb8e25a0db851953155de91f0170e9bf8c457d/
- https://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Products affected by CVE-2018-18066
-
cpe:2.3:a:net-snmp:net-snmp:5.0
-
cpe:2.3:a:net-snmp:net-snmp:5.0.1
-
cpe:2.3:a:net-snmp:net-snmp:5.0.2
-
cpe:2.3:a:net-snmp:net-snmp:5.0.3
-
cpe:2.3:a:net-snmp:net-snmp:5.0.4
-
cpe:2.3:a:net-snmp:net-snmp:5.0.5
-
cpe:2.3:a:net-snmp:net-snmp:5.0.6
-
cpe:2.3:a:net-snmp:net-snmp:5.0.7
-
cpe:2.3:a:net-snmp:net-snmp:5.0.8
-
cpe:2.3:a:net-snmp:net-snmp:5.0.9
-
cpe:2.3:a:net-snmp:net-snmp:5.1
-
cpe:2.3:a:net-snmp:net-snmp:5.1.2
-
cpe:2.3:a:net-snmp:net-snmp:5.2
-
cpe:2.3:a:net-snmp:net-snmp:5.3
-
cpe:2.3:a:net-snmp:net-snmp:5.3.0.1
-
cpe:2.3:a:net-snmp:net-snmp:5.4
-
cpe:2.3:a:net-snmp:net-snmp:5.4.2.1
-
cpe:2.3:a:net-snmp:net-snmp:5.5
-
cpe:2.3:a:net-snmp:net-snmp:5.6
-
cpe:2.3:a:net-snmp:net-snmp:5.7
-
cpe:2.3:a:net-snmp:net-snmp:5.7.1
-
cpe:2.3:a:net-snmp:net-snmp:5.7.2
-
cpe:2.3:a:net-snmp:net-snmp:5.7.3
-
cpe:2.3:a:netapp:cloud_backup:-
-
cpe:2.3:a:netapp:hyper_converged_infrastructure:-
-
cpe:2.3:a:netapp:storagegrid_webscale:-
-
cpe:2.3:o:netapp:data_ontap:-
-
cpe:2.3:o:netapp:e-series_santricity_os_controller:*
-
cpe:2.3:o:netapp:solidfire_element_os:-