Vulnerability Details : CVE-2022-44792
handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
Vulnerability category: Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2022-44792
Probability of exploitation activity in the next 30 days: 0.40%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 73 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2022-44792
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
2.8
|
3.6
|
NIST |
CWE ids for CVE-2022-44792
-
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-44792
-
https://lists.debian.org/debian-lts-announce/2023/01/msg00010.html
[SECURITY] [DLA 3270-1] net-snmp security updateMailing List;Third Party Advisory
-
https://github.com/net-snmp/net-snmp/issues/474
NULL Pointer Exception when handling ipDefaultTTL · Issue #474 · net-snmp/net-snmp · GitHubExploit;Issue Tracking;Third Party Advisory
-
https://security.netapp.com/advisory/ntap-20230223-0011/
November 2022 Net-SNMP Vulnerabilities in NetApp Products | NetApp Product SecurityThird Party Advisory
-
https://gist.github.com/menglong2234/b7bc13ae1a144f47cc3c95a7ea062428
snmp_ddos_ipttl.sh · GitHubExploit;Third Party Advisory
Products affected by CVE-2022-44792
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:net-snmp:net-snmp:*:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*