Vulnerability Details : CVE-2012-6151
Potential exploit
Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout.
Vulnerability category: Denial of service
Products affected by CVE-2012-6151
- cpe:2.3:o:apple:mac_os_x:10.11.0:*:*:*:*:*:*:*
- cpe:2.3:a:net-snmp:net-snmp:*:*:*:*:*:*:*:*
- cpe:2.3:a:net-snmp:net-snmp:5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:net-snmp:net-snmp:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:net-snmp:net-snmp:5.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:net-snmp:net-snmp:5.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:net-snmp:net-snmp:5.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:net-snmp:net-snmp:5.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:net-snmp:net-snmp:5.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:net-snmp:net-snmp:5.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:net-snmp:net-snmp:5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:net-snmp:net-snmp:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:net-snmp:net-snmp:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:net-snmp:net-snmp:5.3:*:*:*:*:*:*:*
- cpe:2.3:a:net-snmp:net-snmp:5.4:*:*:*:*:*:*:*
- cpe:2.3:a:net-snmp:net-snmp:5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:net-snmp:net-snmp:5.7:*:*:*:*:*:*:*
- cpe:2.3:a:net-snmp:net-snmp:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:net-snmp:net-snmp:5.3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:net-snmp:net-snmp:5.6:*:*:*:*:*:*:*
- cpe:2.3:a:net-snmp:net-snmp:5.5:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-6151
Probability of exploitation activity in the next 30 days: 22.15%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 95 %
CVSS scores for CVE-2012-6151
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P | 8.6 | 2.9 | NIST | |
CWE ids for CVE-2012-6151
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-6151
- http://sourceforge.net/p/net-snmp/bugs/2411/
  net-snmp / Bugs / #2411 snmpd crashes/hangs when AgentX subagent times-out (Exploit)
- https://bugzilla.redhat.com/show_bug.cgi?id=1038007
  1038007 – (CVE-2012-6151) CVE-2012-6151 net-snmp: snmpd crashes/hangs when AgentX subagent times-out
- http://www.ubuntu.com/usn/USN-2166-1
  USN-2166-1: Net-SNMP vulnerabilities | Ubuntu security notices
- https://rhn.redhat.com/errata/RHSA-2014-0322.html
  RHSA-2014:0322 - Security Advisory - Red Hat Customer Portal
- http://seclists.org/oss-sec/2013/q4/415
  oss-sec: Re: SNMPD DoS #2411 snmpd crashes/hangs when AgentX subagent times-out
- http://seclists.org/oss-sec/2013/q4/398
  oss-sec: SNMPD DoS #2411 snmpd crashes/hangs when AgentX subagent times-out
- http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html
  Apple - Lists.apple.com
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
  Juniper Networks - 2015-10 Security Bulletin: CTPView: Multiple Vulnerabilities in CTPView
- https://support.apple.com/HT205375
  About the security content of OS X El Capitan 10.11.1, Security Update 2015-004 Yosemite, and Security Update 2015-007 Mavericks - Apple Support
- http://secunia.com/advisories/55804
- http://www.gentoo.org/security/en/glsa/glsa-201409-02.xml
  Net-SNMP: Denial of Service (GLSA 201409-02) — Gentoo security
- https://exchange.xforce.ibmcloud.com/vulnerabilities/89485
  Net-SNMP subagent AgentX denial of service CVE-2012-6151 Vulnerability Report
- http://secunia.com/advisories/57870
- http://secunia.com/advisories/59974
- http://www.securityfocus.com/bid/64048
  Net-SNMP SNMPD AgentX Subagent Timeout Denial of Service Vulnerability (Exploit)