SNMP Vulnerability in Net-SNMP Affecting Multiple Vendors
CVE-2014-3565

Currently unrated

Key Information:

Vendor

Apple

Vendor
CVE Published:
7 October 2014

What is CVE-2014-3565?

The vulnerability in net-snmp versions 5.7.0 and earlier arises when the -OQ option is used, allowing remote attackers to exploit crafted SNMP trap messages. This exploitation leads to the remote execution of a denial of service attack by triggering a crash of the snmptrapd service. Specifically, this occurs due to a type conversion issue in the MIB file, often demonstrated by an unexpected NULL type in an ifMtu trap message, which results in instability of the SNMP service.

References

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2014-3565 : SNMP Vulnerability in Net-SNMP Affecting Multiple Vendors