John_Fleming
Advisor

CVE-2020-15862 - Net-SNMP through 5.7.3 has Improper Privilege Management if write access is enabled

I was looking around and maybe I'm missing it, but has Check Point addressed this issue? I'm not finding anything so far. Granted, this seems to require write access be enabled, which I'm guessing almost no one uses, but I was looking for some clarification.

0 Kudos
4 Replies
G_W_Albrecht
Legend

Fixed in the R80.40 version: Check Point Gaia releases R77 - R80.30 use 3rd party net-snmp package version 5.4.2.1; Check Point release R80.40 (and above) uses net-snmp package version 5.8 (sk158852).

CCSE CCTE SMB Specialist
0 Kudos
John_Fleming
Advisor

Oh great, so will you be posting a patch for anything below R80.40 then?

0 Kudos
John_Fleming
Advisor

It's kind of unclear, but this seems to be the fixed version in net-snmp, which shows 5.8.1rc1?

https://github.com/net-snmp/net-snmp/commit/77f6c60f57dba0aaea5d8ef1dd94bcd0c8e6d205

0 Kudos
PhoneBoy
Admin

When we patch an issue in third party code, we don't necessarily rev the version number unless we actually update the relevant codebase to that version.
Specific to this CVE, it appears that this issue requires expert/root on the relevant gateway to exploit.
If you have that kind of access, you can pretty much do anything you want anyway.

0 Kudos
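
Since the CVE in the thread title only applies "if write access is enabled", one way to check that precondition on a host is to scan its snmpd configuration for directives that grant write access. This is an added example, not code from the thread or from Check Point; it assumes the standard net-snmp `snmpd.conf` directives `rwuser`, `rwcommunity`, `rwcommunity6` and `access`, and the sample configuration is constructed.

```python
import shlex

# net-snmp snmpd.conf directives that grant read-write access directly.
RW_COMMUNITY = {"rwcommunity", "rwcommunity6"}
RW_USER = {"rwuser"}

# Constructed sample configuration, not taken from any real gateway.
SAMPLE_CONF = """\
# constructed sample
rocommunity  monitor-ro  10.0.0.0/24
rwcommunity  example-rw  10.0.0.5
rouser       nmsuser     priv
rwuser       adminuser   priv
com2sec      local       localhost  example-local
group        grpLocal    v2c        local
access       grpLocal    ""  any  noauth  exact  all  all   none
access       grpRO       ""  any  noauth  exact  all  none  none
"""

def find_write_access(conf_text):
    """Return (line_no, directive, detail) for each line that grants SNMP write access."""
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        try:
            tokens = shlex.split(raw, comments=True)  # drops '#' comments, keeps "" tokens
        except ValueError:
            # Unbalanced quoting: report it so a person looks at the line.
            findings.append((line_no, "unparsed", raw.strip()))
            continue
        if not tokens:
            continue
        directive = tokens[0].lower()
        if directive in RW_COMMUNITY:
            # Report the source restriction, never the community string itself.
            source = tokens[2] if len(tokens) > 2 else "any"
            findings.append((line_no, directive, "source=" + source))
        elif directive in RW_USER and len(tokens) > 1:
            findings.append((line_no, directive, tokens[1]))
        elif directive == "access" and len(tokens) >= 8:
            # access GROUP CONTEXT MODEL LEVEL PREFIX READ WRITE NOTIFY
            if tokens[7].lower() != "none":
                findings.append((line_no, directive, tokens[1]))
    return findings

if __name__ == "__main__":
    for line_no, directive, detail in find_write_access(SAMPLE_CONF):
        print(f"line {line_no}: {directive} grants write access ({detail})")
```

An empty result means none of these directives grant write access in the scanned text; it does not cover other access-control directives or settings applied outside the file.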