Vulnerability Details : CVE-2020-6059
An exploitable out of bounds read vulnerability exists in the way MiniSNMPD version 1.4 parses incoming SNMP packets. A specially crafted SNMP request can trigger an out of bounds memory read which can result in sensitive information disclosure and Denial Of Service. In order to trigger this vulnerability, an attacker needs to send a specially crafted packet to the vulnerable server.
Vulnerability category: OverflowDenial of service
Products affected by CVE-2020-6059
- cpe:2.3:a:minisnmpd_project:minisnmpd:1.4:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-6059
0.10%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 41 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-6059
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.4
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:P |
10.0
|
4.9
|
NIST | |
8.2
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H |
3.9
|
4.2
|
Talos | |
8.2
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H |
3.9
|
4.2
|
NIST |
CWE ids for CVE-2020-6059
-
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-6059
-
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0976
TALOS-2019-0976 || Cisco Talos Intelligence Group - Comprehensive Threat IntelligenceBroken Link;Third Party Advisory
-
https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-0976
TALOS-2020-0976 || Cisco Talos Intelligence Group - Comprehensive Threat IntelligenceExploit;Third Party Advisory
Jump to