CVE-2022-44792

moderate-risk

Published 2022-11-07

handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.

Do I need to act?

1.9% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.5/10 Medium

NETWORK / LOW complexity

Affected Products (6)

Net-Snmp

Debian Linux

H300S Firmware

H500S Firmware

H700S Firmware

H410S Firmware

Affected Vendors

Debian Net-Snmp Netapp

References (8)

Exploit https://gist.github.com/menglong2234/b7bc13ae1a144f47cc3c95a7ea062428

Exploit https://github.com/net-snmp/net-snmp/issues/474

Mailing List https://lists.debian.org/debian-lts-announce/2023/01/msg00010.html

Third Party Advisory https://security.netapp.com/advisory/ntap-20230223-0011/

Exploit https://gist.github.com/menglong2234/b7bc13ae1a144f47cc3c95a7ea062428

Exploit https://github.com/net-snmp/net-snmp/issues/474

Mailing List https://lists.debian.org/debian-lts-announce/2023/01/msg00010.html

Third Party Advisory https://security.netapp.com/advisory/ntap-20230223-0011/

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 5/34 · Minimal

Exposure 13/34 · Low