7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.07 Low
EPSS
Percentile
93.8%
The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol (SNMP).One security vulnerability has been discovered in net-snmp used with IBM Security Network Intrusion Prevention System.
CVEID: CVE-2015-5621**
DESCRIPTION:** Net-SNMP is vulnerable to a denial of service, caused by incompletely parsed varBind variables being left in the list of variables by the snmp_pdu_parse() function. A remote attacker could exploit this vulnerability to cause the application to crash or possibly execute arbitrary code on the system.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105232 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Products: GX3002, GX4002, GX4004, GX4004-v2, GX5008, GX5008-v2, GX5108, GX5108-v2, GX5208, GX5208-v2, GX6116, GX7412, GX7412-10, GX7412-05, GX7800, GV200, GV1000
Firmware versions 4.6.2, 4.6.1, 4.6, 4.5, 4.4, and 4.3
Product
| VRMF| Remediation/First Fix
—|—|—
IBM Security Network Intrusion Prevention System | Firmware version 4.6.2| 4.6.2.0-ISS-ProvG-AllModels-System-FP0010
IBM Security Network Intrusion Prevention System | Firmware version 4.6.1| 4.6.1.0-ISS-ProvG-AllModels-System-FP0014
IBM Security Network Intrusion Prevention System | Firmware version 4.6| 4.6.0.0-ISS-ProvG-AllModels-System-FP0012
IBM Security Network Intrusion Prevention System | Firmware version 4.5| 4.5.0.0-ISS-ProvG-AllModels-System-FP0014
IBM Security Network Intrusion Prevention System | Firmware version 4.4| 4.4.0.0-ISS-ProvG-AllModels-System-FP0014
IBM Security Network Intrusion Prevention System | Firmware version 4.3| 4.3.0.0-ISS-ProvG-AllModels-System-FP0012
None