Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root. Upstream commit: https://github.com/net-snmp/net-snmp/commit/77f6c60f57dba0aaea5d8ef1dd94bcd0c8e6d205 Reference: https://security.gentoo.org/glsa/202008-12
Flaw summary: The NET-SNMP-EXTEND-MIB is supported by default and used to extend the SNMP Agent with shell scripts. It allows non-root users with SNMP WRITE access to potentially execute arbitrary commands as root. This does not occur if the read-only build option was enabled (NETSNMP_NO_WRITE_SUPPORT). An attacker could exploit this flaw by placing an `extend` directive in a config file which specifies the location of a malicious shell script.
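For triage, the sketch below is an added example (not part of this bug report or of Net-SNMP) that scans an snmpd.conf body for directives granting SNMP WRITE access and lists existing `extend` entries. The function names and the sample configuration are assumptions made for illustration, and only the `rwuser`, `rwcommunity`, `rwcommunity6`, `access` and `extend` directives are covered.

```python
import shlex

# Directives that grant SNMP WRITE (SET) access outright.
WRITE_DIRECTIVES = {"rwuser", "rwcommunity", "rwcommunity6"}

def audit_snmpd_conf(text):
    """Return (line_no, kind, directive) findings for an snmpd.conf body."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            tokens = shlex.split(line)   # keeps a quoted "" context as one field
        except ValueError:
            tokens = line.split()        # unbalanced quote: fall back to whitespace
        name, args = tokens[0].lower(), tokens[1:]
        if name in WRITE_DIRECTIVES:
            findings.append((no, "write-grant", name))
        elif name == "access" and len(args) >= 7 and args[6].lower() != "none":
            # access GROUP CONTEXT MODEL LEVEL PREFX READ WRITE NOTIFY
            findings.append((no, "write-grant", name))
        elif name == "extend":
            # Inventory of commands the agent already runs via the EXTEND MIB.
            findings.append((no, "extend", name))
    return findings

def write_exposed(findings):
    """True when any principal in this config can issue SNMP SET requests."""
    return any(kind == "write-grant" for _, kind, _ in findings)

# Constructed sample configuration (not taken from any real host).
SAMPLE = """\
# constructed sample
rocommunity public 127.0.0.1
rwcommunity s3cret 10.0.0.0/8
rwuser admin priv
access MyRWGroup "" usm priv exact all all none
access MyROGroup "" any noauth exact all none none
extend uptime /bin/cat /proc/uptime
"""

if __name__ == "__main__":
    results = audit_snmpd_conf(SAMPLE)
    for no, kind, name in results:
        print(f"line {no}: {kind} ({name})")
    print("write access configured:", write_exposed(results))
```

A write grant restricted to an OID subtree or view still needs a manual check of whether that scope covers the NET-SNMP-EXTEND-MIB.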
This issue has been addressed in the following products: Red Hat Enterprise Linux 6. Via RHSA-2020:5129 https://access.redhat.com/errata/RHSA-2020:5129
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-15862
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Via RHSA-2020:5201 https://access.redhat.com/errata/RHSA-2020:5201
This issue has been addressed in the following products: Red Hat Enterprise Linux 7. Via RHSA-2020:5350 https://access.redhat.com/errata/RHSA-2020:5350
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support. Via RHSA-2020:5372 https://access.redhat.com/errata/RHSA-2020:5372
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support. Via RHSA-2020:5420 https://access.redhat.com/errata/RHSA-2020:5420
This issue has been addressed in the following products: Red Hat Enterprise Linux 8. Via RHSA-2020:5480 https://access.redhat.com/errata/RHSA-2020:5480
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Advanced Update Support; Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions; Red Hat Enterprise Linux 7.4 Telco Extended Update Support. Via RHSA-2021:0257 https://access.redhat.com/errata/RHSA-2021:0257
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Extended Update Support. Via RHSA-2021:0358 https://access.redhat.com/errata/RHSA-2021:0358
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Extended Update Support. Via RHSA-2021:0525 https://access.redhat.com/errata/RHSA-2021:0525