CVE-2020-15861

Name: CVE-2020-15861
Creator: NVD / NIST
Published: 2020-08-20T01:17:13.837+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.8/10EPSS 0.46%

Last modified Jun 17, 2026

CVE-2020-15861 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following.. EPSS estimates a 0.46% chance of exploitation in the next 30 days.

Description

Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following.

Metrics

CVSS 3.1

7.8/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

0.46%

36.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Net-Snmp	Net-Snmp	<= 5.7.3
Canonical	Ubuntu Linux	12.04
Canonical	Ubuntu Linux	14.04
Canonical	Ubuntu Linux	16.04
Canonical	Ubuntu Linux	18.04
Canonical	Ubuntu Linux	20.04
Netapp	Cloud Backup	All versions
Netapp	Smi-S Provider	All versions
Netapp	Solidfire \& Hci Management Node	All versions

References

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966599Issue Tracking, Third Party Advisory
https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602Patch, Third Party Advisory
https://github.com/net-snmp/net-snmp/issues/145Third Party Advisory
https://security.gentoo.org/glsa/202008-12Third Party Advisory
https://security.netapp.com/advisory/ntap-20200904-0001/Third Party Advisory
https://usn.ubuntu.com/4471-1/Third Party Advisory
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966599Issue Tracking, Third Party Advisory
https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602Patch, Third Party Advisory
https://github.com/net-snmp/net-snmp/issues/145Third Party Advisory
https://security.gentoo.org/glsa/202008-12Third Party Advisory
https://security.netapp.com/advisory/ntap-20200904-0001/Third Party Advisory
https://usn.ubuntu.com/4471-1/Third Party Advisory

Timeline

Published: Aug 20, 2020
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2020-15861?

Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following.

How severe is CVE-2020-15861?

CVE-2020-15861 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 0.46% probability of exploitation in the next 30 days.

How do I fix CVE-2020-15861?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-15861?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST