The SentinelOne Annual Threat Report - A Defenders Guide from the FrontlinesThe SentinelOne Annual Threat ReportGet the Report
Experiencing a Breach?Blog
Get StartedContact Us
SentinelOne
  • Platform
    Platform Overview
    • Singularity Platform
      Welcome to Integrated Enterprise Security
    • AI for Security
      Leading the Way in AI-Powered Security Solutions
    • Securing AI
      Accelerate AI Adoption with Secure AI Tools, Apps, and Agents.
    • How It Works
      The Singularity XDR Difference
    • Singularity Marketplace
      One-Click Integrations to Unlock the Power of XDR
    • Pricing & Packaging
      Comparisons and Guidance at a Glance
    Data & AI
    • Purple AI
      Accelerate SecOps with Generative AI
    • Singularity Hyperautomation
      Easily Automate Security Processes
    • AI-SIEM
      The AI SIEM for the Autonomous SOC
    • Singularity Data Lake
      AI-Powered, Unified Data Lake
    • Singularity Data Lake for Log Analytics
      Seamlessly Ingest Data from On-Prem, Cloud or Hybrid Environments
    Endpoint Security
    • Singularity Endpoint
      Autonomous Prevention, Detection, and Response
    • Singularity XDR
      Native & Open Protection, Detection, and Response
    • Singularity RemoteOps Forensics
      Orchestrate Forensics at Scale
    • Singularity Threat Intelligence
      Comprehensive Adversary Intelligence
    • Singularity Vulnerability Management
      Application & OS Vulnerability Management
    • Singularity Identity
      Identity Threat Detection and Response
    Cloud Security
    • Singularity Cloud Security
      Block Attacks with an AI-Powered CNAPP
    • Singularity Cloud Native Security
      Secure Cloud and Development Resources
    • Singularity Cloud Workload Security
      Real-Time Cloud Workload Protection Platform
    • Singularity Cloud Data Security
      AI-Powered Threat Detection for Cloud Storage
    • Singularity Cloud Security Posture Management
      Detect and Remediate Cloud Misconfigurations
    Securing AI
    • Prompt Security
      Secure AI Tools Across Your Enterprise
  • Why SentinelOne?
    Why SentinelOne?
    • Why SentinelOne?
      Cybersecurity Built for What’s Next
    • Our Customers
      Trusted by the World’s Leading Enterprises
    • Industry Recognition
      Tested and Proven by the Experts
    • About Us
      The Industry Leader in Autonomous Cybersecurity
    Compare SentinelOne
    • Arctic Wolf
    • Broadcom
    • CrowdStrike
    • Cybereason
    • Microsoft
    • Palo Alto Networks
    • Sophos
    • Splunk
    • Trellix
    • Trend Micro
    • Wiz
    Verticals
    • Energy
    • Federal Government
    • Finance
    • Healthcare
    • Higher Education
    • K-12 Education
    • Manufacturing
    • Retail
    • State and Local Government
  • Services
    Managed Services
    • Managed Services Overview
      Wayfinder Threat Detection & Response
    • Threat Hunting
      World-Class Expertise and Threat Intelligence
    • Managed Detection & Response
      24/7/365 Expert MDR Across Your Entire Environment
    • Incident Readiness & Response
      DFIR, Breach Readiness, & Compromise Assessments
    Support, Deployment, & Health
    • Technical Account Management
      Customer Success with Personalized Service
    • SentinelOne GO
      Guided Onboarding & Deployment Advisory
    • SentinelOne University
      Live and On-Demand Training
    • Services Overview
      Comprehensive Solutions for Seamless Security Operations
    • SentinelOne Community
      Community Login
  • Partners
    Our Network
    • MSSP Partners
      Succeed Faster with SentinelOne
    • Singularity Marketplace
      Extend the Power of S1 Technology
    • Cyber Risk Partners
      Enlist Pro Response and Advisory Teams
    • Technology Alliances
      Integrated, Enterprise-Scale Solutions
    • SentinelOne for AWS
      Hosted in AWS Regions Around the World
    • Channel Partners
      Deliver the Right Solutions, Together
    • SentinelOne for Google Cloud
      Unified, Autonomous Security Giving Defenders the Advantage at Global Scale
    • Partner Locator
      Your Go-to Source for Our Top Partners in Your Region
    Partner Portal→
  • Resources
    Resource Center
    • Case Studies
    • Data Sheets
    • eBooks
    • Reports
    • Videos
    • Webinars
    • Whitepapers
    • Events
    View All Resources→
    Blog
    • Feature Spotlight
    • For CISO/CIO
    • From the Front Lines
    • Identity
    • Cloud
    • macOS
    • SentinelOne Blog
    Blog→
    Tech Resources
    • SentinelLABS
    • Ransomware Anthology
    • Cybersecurity 101
  • About
    About SentinelOne
    • About SentinelOne
      The Industry Leader in Cybersecurity
    • Investor Relations
      Financial Information & Events
    • SentinelLABS
      Threat Research for the Modern Threat Hunter
    • Careers
      The Latest Job Opportunities
    • Press & News
      Company Announcements
    • Cybersecurity Blog
      The Latest Cybersecurity Threats, News, & More
    • FAQ
      Get Answers to Our Most Frequently Asked Questions
    • DataSet
      The Live Data Platform
    • S Foundation
      Securing a Safer Future for All
    • S Ventures
      Investing in the Next Generation of Security, Data and AI
  • Pricing
Get StartedContact Us
CVE Vulnerability Database
Vulnerability Database/CVE-2022-24810

CVE-2022-24810: Net-SNMP Privilege Escalation Vulnerability

CVE-2022-24810 is a privilege escalation vulnerability in Net-SNMP that allows attackers with read-write credentials to cause a NULL pointer dereference. This article covers technical details, affected versions, and mitigation.

Published: February 17, 2026

CVE-2022-24810 Overview

CVE-2022-24810 is a Null Pointer Dereference vulnerability affecting net-snmp, a widely-used suite of tools for the Simple Network Management Protocol (SNMP). Prior to version 5.9.2, an authenticated attacker with read-write credentials can exploit this vulnerability by sending a malformed OID in a SET request to the nsVacmAccessTable, causing a NULL pointer dereference that can lead to denial of service or potentially other impacts.

Net-snmp is deployed extensively across enterprise networks for monitoring and managing network devices, making this vulnerability particularly concerning for organizations relying on SNMP infrastructure for network operations.

Critical Impact

Authenticated attackers with read-write SNMP credentials can crash the SNMP daemon through malformed OID manipulation, potentially disrupting network monitoring and management capabilities across the entire infrastructure.

Affected Products

  • Net-SNMP versions prior to 5.9.2
  • Debian Linux 10.0
  • Fedora 36

Discovery Timeline

  • 2022 - Vulnerability discovered by Yu Zhang of VARAS@IIE and Nanyu Zhong of VARAS@IIE
  • 2022 - Arista Networks provided fixes
  • 2024-04-16 - CVE-2022-24810 published to NVD
  • 2025-02-11 - Last updated in NVD database

Technical Details for CVE-2022-24810

Vulnerability Analysis

This vulnerability is a Null Pointer Dereference (CWE-476) that occurs when the net-snmp daemon processes malformed Object Identifiers (OIDs) in SET requests targeting the nsVacmAccessTable. The vulnerability requires network access and authenticated read-write credentials, but once exploited, can result in a complete denial of service of the SNMP agent.

The nsVacmAccessTable is part of the NET-SNMP-VACM-MIB and is used for View-based Access Control Model (VACM) configuration. When a specially crafted malformed OID is provided in a SET operation, the code fails to properly validate the input, resulting in a NULL pointer being dereferenced during processing.

This vulnerability is part of a series of related security issues (CVE-2022-24805 through CVE-2022-24810) affecting net-snmp's handling of VACM-related MIB objects, all addressed in version 5.9.2.

Root Cause

The root cause lies in insufficient input validation within the net-snmp codebase when processing OID values in SET requests to the nsVacmAccessTable. The code does not properly handle edge cases where malformed OIDs are provided, leading to a code path where a NULL pointer is dereferenced. The fix implemented proper validation checks to ensure OID integrity before processing.

Attack Vector

The attack requires an authenticated user with read-write SNMP credentials to send a specially crafted SET request containing a malformed OID to the nsVacmAccessTable. The attack is network-accessible and does not require user interaction, though it does require valid authentication credentials.

text
# Security patch excerpt from net-snmp CHANGES file
# Source: https://github.com/net-snmp/net-snmp/commit/ce66eb97c17aa9a48bc079be7b65895266fa6775

*5.9.2*:
    security:
      - These two CVEs can be exploited by a user with read-only credentials:
          - CVE-2022-24805 A buffer overflow in the handling of the INDEX of
            NET-SNMP-VACM-MIB can cause an out-of-bounds memory access.
          - CVE-2022-24809 A malformed OID in a GET-NEXT to the nsVacmAccessTable
            can cause a NULL pointer dereference.
      - These CVEs can be exploited by a user with read-write credentials:
          - CVE-2022-24806 Improper Input Validation when SETing malformed
            OIDs in master agent and subagent simultaneously
          - CVE-2022-24807 A malformed OID in a SET request to
            SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an
            out-of-bounds memory access.
          - CVE-2022-24808 A malformed OID in a SET request to
            NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference
          - CVE-2022-24810 A malformed OID in a SET to the nsVacmAccessTable
            can cause a NULL pointer dereference.
      - To avoid these flaws, use strong SNMPv3 credentials and do not share them.
        If you must use SNMPv1 or SNMPv2c, use a complex community string
        and enhance the protection by restricting access to a given IP address range.

Source: GitHub Commit ce66eb97

Detection Methods for CVE-2022-24810

Indicators of Compromise

  • Unexpected SNMP daemon crashes or restarts, particularly correlating with SET operations
  • SNMP agent becoming unresponsive after processing requests to nsVacmAccessTable
  • Abnormal SNMP SET requests targeting VACM-related MIB objects from unusual source IPs
  • Core dumps or crash logs indicating NULL pointer dereference in snmpd process

Detection Strategies

  • Monitor SNMP daemon stability and implement alerting for unexpected process terminations
  • Analyze SNMP logs for SET requests targeting nsVacmAccessTable with unusual OID patterns
  • Deploy network monitoring to detect anomalous SNMP traffic patterns, particularly SET operations
  • Implement SIEM rules to correlate SNMP daemon crashes with preceding network activity

Monitoring Recommendations

  • Enable verbose SNMP logging to capture detailed request information for forensic analysis
  • Configure process monitoring to alert on snmpd crashes and automatic restart events
  • Implement network flow analysis to baseline normal SNMP traffic and detect anomalies
  • Review authentication logs for unauthorized or suspicious read-write credential usage

How to Mitigate CVE-2022-24810

Immediate Actions Required

  • Upgrade net-snmp to version 5.9.2 or later which contains the security patch
  • Use strong SNMPv3 credentials with authentication and privacy protocols enabled
  • Restrict SNMP access to trusted IP address ranges using firewall rules or access control lists
  • If using SNMPv1 or SNMPv2c, implement complex community strings and IP-based access restrictions

Patch Information

The vulnerability is fixed in net-snmp version 5.9.2. The patch was developed with contributions from Arista Networks and addresses this vulnerability along with several related CVEs (CVE-2022-24805 through CVE-2022-24809). Multiple Linux distributions have released security updates:

  • Debian: DSA-5209 and LTS Announcement
  • Fedora: Package Announcement
  • Gentoo: GLSA 202210-29

Workarounds

  • Migrate from SNMPv1/v2c to SNMPv3 with strong authentication and encryption
  • Implement strict IP-based access controls to limit SNMP management access
  • Remove or disable read-write community strings where full management access is not required
  • Consider network segmentation to isolate SNMP management traffic from general network access
bash
# Example: Restrict SNMP access to specific IP ranges in snmpd.conf
# Only allow SNMPv3 authenticated users from trusted management network
rocommunity public 192.168.1.0/24
rwcommunity private 192.168.1.100
# Better: Use SNMPv3 with authentication and privacy
rouser authOnlyUser authpriv -V systemview
rwuser authPrivUser authpriv -V systemview
# Restrict access by source IP in firewall (iptables example)
# iptables -A INPUT -p udp --dport 161 -s 192.168.1.0/24 -j ACCEPT
# iptables -A INPUT -p udp --dport 161 -j DROP

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

  • Vulnerability Details
  • TypePrivilege Escalation
  • Vendor/TechNet Snmp
  • SeverityHIGH
  • CVSS Score8.8
  • EPSS Probability0.16%
  • Known ExploitedNo
  • CVSS Vector
  • CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Impact Assessment
  • ConfidentialityLow
  • IntegrityNone
  • AvailabilityHigh
  • CWE References
  • CWE-476
  • Technical References
  • Red Hat Bug #2103225
  • Red Hat Bug #2105241
  • GitHub Commit ce66eb97
  • Debian LTS Announcement
  • Fedora Package Announcement
  • Gentoo GLSA 202210-29
  • Debian Security Advisory DSA-5209
  • Related CVEs
  • CVE-2022-24809: Net-SNMP NULL Pointer Dereference DOS
Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform can protect your organization now and into the future.

Try SentinelOne
  • Get Started
  • Get a Demo
  • Product Tour
  • Why SentinelOne
  • Pricing & Packaging
  • FAQ
  • Contact
  • Contact Us
  • Customer Support
  • SentinelOne Status
  • Language
  • Platform
  • Singularity Platform
  • Singularity Endpoint
  • Singularity Cloud
  • Singularity AI-SIEM
  • Singularity Identity
  • Singularity Marketplace
  • Purple AI
  • Services
  • Wayfinder TDR
  • SentinelOne GO
  • Technical Account Management
  • Support Services
  • Verticals
  • Energy
  • Federal Government
  • Finance
  • Healthcare
  • Higher Education
  • K-12 Education
  • Manufacturing
  • Retail
  • State and Local Government
  • Cybersecurity for SMB
  • Resources
  • Blog
  • Labs
  • Case Studies
  • Videos
  • Product Tours
  • Events
  • Cybersecurity 101
  • eBooks
  • Webinars
  • Whitepapers
  • Press
  • News
  • Ransomware Anthology
  • Company
  • About Us
  • Our Customers
  • Careers
  • Partners
  • Legal & Compliance
  • Security & Compliance
  • Investor Relations
  • S Foundation
  • S Ventures

©2026 SentinelOne, All Rights Reserved.

Privacy Notice Terms of Use

English