Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
15 vulnerabilities by garrettcom
VAR-201209-0221
Vulnerability from variot - Updated: 2023-12-18 12:52The Management Software application in GarrettCom Magnum MNS-6K before 4.4.0, and 14.x before 14.4.0, has a hardcoded password for an administrative account, which allows local users to gain privileges via unspecified vectors. GarrettCom Magnum MNS-6K software can be used for integrated management of GarrettCom switches. Attackers can leverage this issue to gain unauthorized administrative access to the device running the affected software. The following versions are affected: MNS-6K 4.1.14 and prior MNS-6K-SECURE 4.1.14 and prior. ----------------------------------------------------------------------
The new Secunia CSI 6.0 is now available in beta! Seamless integration with your existing security solutions Sign-up to become a Beta tester: http://secunia.com/csi6beta
TITLE: Magnum MNS-6K Hardcoded Password Security Issue
SECUNIA ADVISORY ID: SA50418
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50418/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50418
RELEASE DATE: 2012-08-31
DISCUSS ADVISORY: http://secunia.com/advisories/50418/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/50418/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50418
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A security issue has been reported in Magnum MNS-6K, which can be exploited by malicious, local users to gain escalated privileges. * Magnum MNS-6K version 14.1.14 SECURE and prior.
SOLUTION: Update to version 4.1.15 and 14.1.15.
PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Justin W. Clarke, Cylance Inc.
ORIGINAL ADVISORY: GarretCom: http://www.garrettcom.com/techsupport/6k_dl/6k14115a_rn.pdf
ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-12-243-01.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201209-0221",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "magnum managed networks software-6k secure",
"scope": "eq",
"trust": 1.6,
"vendor": "garrettcom",
"version": "14.3.0"
},
{
"model": "magnum managed networks software-6k secure",
"scope": "eq",
"trust": 1.6,
"vendor": "garrettcom",
"version": "14.3.1"
},
{
"model": "magnum managed networks software-6k secure",
"scope": "eq",
"trust": 1.6,
"vendor": "garrettcom",
"version": "14.2.1"
},
{
"model": "magnum managed networks software-6k secure",
"scope": "eq",
"trust": 1.6,
"vendor": "garrettcom",
"version": "14.2"
},
{
"model": "magnum managed networks software-6k",
"scope": "eq",
"trust": 1.6,
"vendor": "garrettcom",
"version": "4.2.1"
},
{
"model": "magnum managed networks software-6k",
"scope": "eq",
"trust": 1.6,
"vendor": "garrettcom",
"version": "4.2"
},
{
"model": "magnum managed networks software-6k",
"scope": "eq",
"trust": 1.6,
"vendor": "garrettcom",
"version": "4.3.0"
},
{
"model": "magnum managed networks software-6k",
"scope": "lte",
"trust": 1.0,
"vendor": "garrettcom",
"version": "4.3.1"
},
{
"model": "mns-6k secure",
"scope": "eq",
"trust": 0.8,
"vendor": "garrettcom",
"version": "14.4.0"
},
{
"model": "mns-6k secure",
"scope": "lt",
"trust": 0.8,
"vendor": "garrettcom",
"version": "14.x"
},
{
"model": "magnum mns-6k software",
"scope": null,
"trust": 0.6,
"vendor": "garrettcom",
"version": null
},
{
"model": "magnum managed networks software-6k",
"scope": "eq",
"trust": 0.6,
"vendor": "garrettcom",
"version": "4.3.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-4579"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004069"
},
{
"db": "NVD",
"id": "CVE-2012-3014"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-669"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:garrettcom:magnum_managed_networks_software-6k:4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:garrettcom:magnum_managed_networks_software-6k_secure:14.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:garrettcom:magnum_managed_networks_software-6k_secure:14.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:garrettcom:magnum_managed_networks_software-6k:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.3.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:garrettcom:magnum_managed_networks_software-6k:4.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:garrettcom:magnum_managed_networks_software-6k:4.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:garrettcom:magnum_managed_networks_software-6k_secure:14.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:garrettcom:magnum_managed_networks_software-6k_secure:14.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-3014"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Justin W. Clarke of Cylance Inc.",
"sources": [
{
"db": "BID",
"id": "55334"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-669"
}
],
"trust": 0.9
},
"cve": "CVE-2012-3014",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 5.1,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.7,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2012-3014",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-3014",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201208-669",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-004069"
},
{
"db": "NVD",
"id": "CVE-2012-3014"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-669"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Management Software application in GarrettCom Magnum MNS-6K before 4.4.0, and 14.x before 14.4.0, has a hardcoded password for an administrative account, which allows local users to gain privileges via unspecified vectors. GarrettCom Magnum MNS-6K software can be used for integrated management of GarrettCom switches. \nAttackers can leverage this issue to gain unauthorized administrative access to the device running the affected software. \nThe following versions are affected:\nMNS-6K 4.1.14 and prior\nMNS-6K-SECURE 4.1.14 and prior. ----------------------------------------------------------------------\n\nThe new Secunia CSI 6.0 is now available in beta!\nSeamless integration with your existing security solutions Sign-up to \nbecome a Beta tester: http://secunia.com/csi6beta\n\n----------------------------------------------------------------------\n\nTITLE:\nMagnum MNS-6K Hardcoded Password Security Issue\n\nSECUNIA ADVISORY ID:\nSA50418\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/50418/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50418\n\nRELEASE DATE:\n2012-08-31\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/50418/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/50418/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50418\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA security issue has been reported in Magnum MNS-6K, which can be\nexploited by malicious, local users to gain escalated privileges. \n* Magnum MNS-6K version 14.1.14 SECURE and prior. \n\nSOLUTION:\nUpdate to version 4.1.15 and 14.1.15. \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Justin W. Clarke, Cylance Inc. \n\nORIGINAL ADVISORY:\nGarretCom:\nhttp://www.garrettcom.com/techsupport/6k_dl/6k14115a_rn.pdf\n\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-12-243-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-3014"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004069"
},
{
"db": "CNVD",
"id": "CNVD-2012-4579"
},
{
"db": "BID",
"id": "55334"
},
{
"db": "PACKETSTORM",
"id": "116134"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-3014",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-12-243-01",
"trust": 3.1
},
{
"db": "BID",
"id": "55334",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004069",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "50418",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2012-4579",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "20519",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201208-669",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "116278",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "116134",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-4579"
},
{
"db": "BID",
"id": "55334"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004069"
},
{
"db": "PACKETSTORM",
"id": "116278"
},
{
"db": "PACKETSTORM",
"id": "116134"
},
{
"db": "NVD",
"id": "CVE-2012-3014"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-669"
}
]
},
"id": "VAR-201209-0221",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-4579"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-4579"
}
]
},
"last_update_date": "2023-12-18T12:52:16.104000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Release Notes: Magnum MNS-6K Release 4.4.0 and 14.4.0",
"trust": 0.8,
"url": "http://www.garrettcom.com/techsupport/6k_dl/6k440_rn.pdf"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.garrettcom.com/"
},
{
"title": "GarrettCom Magnum MNS-6K Software Hard Coded Password Security Bypass Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/21131"
},
{
"title": "rel_v1441_secure",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=44477"
},
{
"title": "rel_v441",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=44476"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-4579"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004069"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-669"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-004069"
},
{
"db": "NVD",
"id": "CVE-2012-3014"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-243-01.pdf"
},
{
"trust": 1.6,
"url": "http://www.garrettcom.com/techsupport/6k_dl/6k440_rn.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3014"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3014"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/50418"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/55334"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/20519"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3014"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/50418/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50418"
},
{
"trust": 0.1,
"url": "http://secunia.com/csi6beta"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://www.garrettcom.com/techsupport/6k_dl/6k14115a_rn.pdf"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/50418/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-4579"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004069"
},
{
"db": "PACKETSTORM",
"id": "116278"
},
{
"db": "PACKETSTORM",
"id": "116134"
},
{
"db": "NVD",
"id": "CVE-2012-3014"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-669"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2012-4579"
},
{
"db": "BID",
"id": "55334"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004069"
},
{
"db": "PACKETSTORM",
"id": "116278"
},
{
"db": "PACKETSTORM",
"id": "116134"
},
{
"db": "NVD",
"id": "CVE-2012-3014"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-669"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-09-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-4579"
},
{
"date": "2012-08-30T00:00:00",
"db": "BID",
"id": "55334"
},
{
"date": "2012-09-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-004069"
},
{
"date": "2012-09-06T02:13:08",
"db": "PACKETSTORM",
"id": "116278"
},
{
"date": "2012-09-01T06:24:05",
"db": "PACKETSTORM",
"id": "116134"
},
{
"date": "2012-09-04T11:04:49.327000",
"db": "NVD",
"id": "CVE-2012-3014"
},
{
"date": "2012-08-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201208-669"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-09-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-4579"
},
{
"date": "2012-08-30T00:00:00",
"db": "BID",
"id": "55334"
},
{
"date": "2012-09-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-004069"
},
{
"date": "2012-09-04T11:04:49.327000",
"db": "NVD",
"id": "CVE-2012-3014"
},
{
"date": "2012-09-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201208-669"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201208-669"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GarrettCom Magnum MNS-6K Software Hard Coded Password Security Bypass Vulnerability",
"sources": [
{
"db": "BID",
"id": "55334"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-669"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201208-669"
}
],
"trust": 0.6
}
}
VAR-201508-0390
Vulnerability from variot - Updated: 2023-12-18 12:51The web-server component in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches allows remote authenticated users to cause a denial of service (memory corruption and reboot) via a crafted URL. GarrettCom Magnum 6K and 10K Switches are managed switches from GarrettCom, USA. Successful exploitation of the issue will cause the device to reload, denying service to legitimate users
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0390",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "magnum 6k",
"scope": "lte",
"trust": 1.0,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 10k",
"scope": "lte",
"trust": 1.0,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 10k",
"scope": "lt",
"trust": 0.8,
"vendor": "garrettcom",
"version": "4.5.6"
},
{
"model": "magnum 6k",
"scope": "lt",
"trust": 0.8,
"vendor": "garrettcom",
"version": "4.5.6"
},
{
"model": "magnum 6k",
"scope": "eq",
"trust": 0.6,
"vendor": "garrettcom",
"version": "4.5.6"
},
{
"model": "magnum 10k",
"scope": "eq",
"trust": 0.6,
"vendor": "garrettcom",
"version": "4.5.6"
},
{
"model": "magnum 6k",
"scope": "eq",
"trust": 0.6,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 10k",
"scope": "eq",
"trust": 0.6,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 6kq",
"scope": "eq",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 6km",
"scope": "eq",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 6kl",
"scope": "eq",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 6k8",
"scope": "eq",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 6k32",
"scope": "eq",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 6k25",
"scope": "eq",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 6k16",
"scope": "eq",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 10kt",
"scope": "eq",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 10kg",
"scope": "eq",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 6kq",
"scope": "ne",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.6"
},
{
"model": "magnum 6km",
"scope": "ne",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.6"
},
{
"model": "magnum 6kl",
"scope": "ne",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.6"
},
{
"model": "magnum 6k8",
"scope": "ne",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.6"
},
{
"model": "magnum 6k32",
"scope": "ne",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.6"
},
{
"model": "magnum 6k25",
"scope": "ne",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.6"
},
{
"model": "magnum 6k16",
"scope": "ne",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.6"
},
{
"model": "magnum 10kt",
"scope": "ne",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.6"
},
{
"model": "magnum 10kg",
"scope": "ne",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.6"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04091"
},
{
"db": "BID",
"id": "75228"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003990"
},
{
"db": "NVD",
"id": "CVE-2015-3961"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-462"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:garrettcom:magnum_6k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.5.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:garrettcom:magnum_10k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.5.5",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3961"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Eireann Leverett",
"sources": [
{
"db": "BID",
"id": "75228"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-462"
}
],
"trust": 0.9
},
"cve": "CVE-2015-3961",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2015-3961",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-04091",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-81922",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-3961",
"trust": 1.8,
"value": "LOW"
},
{
"author": "CNVD",
"id": "CNVD-2015-04091",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201506-462",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-81922",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04091"
},
{
"db": "VULHUB",
"id": "VHN-81922"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003990"
},
{
"db": "NVD",
"id": "CVE-2015-3961"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-462"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web-server component in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches allows remote authenticated users to cause a denial of service (memory corruption and reboot) via a crafted URL. GarrettCom Magnum 6K and 10K Switches are managed switches from GarrettCom, USA. \nSuccessful exploitation of the issue will cause the device to reload, denying service to legitimate users",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3961"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003990"
},
{
"db": "CNVD",
"id": "CNVD-2015-04091"
},
{
"db": "BID",
"id": "75228"
},
{
"db": "VULHUB",
"id": "VHN-81922"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-3961",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-15-167-01",
"trust": 2.8
},
{
"db": "BID",
"id": "75228",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003990",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201506-462",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-04091",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-81922",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04091"
},
{
"db": "VULHUB",
"id": "VHN-81922"
},
{
"db": "BID",
"id": "75228"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003990"
},
{
"db": "NVD",
"id": "CVE-2015-3961"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-462"
}
]
},
"id": "VAR-201508-0390",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04091"
},
{
"db": "VULHUB",
"id": "VHN-81922"
}
],
"trust": 1.325
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04091"
}
]
},
"last_update_date": "2023-12-18T12:51:40.880000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MNS6K R456 Release Notes",
"trust": 0.8,
"url": "http://www.garrettcom.com/techsupport/mns6k_r456_release_notes.pdf"
},
{
"title": "Patch for GarrettCom Magnum 6K and 10K Switches Remote Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/60142"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04091"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003990"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81922"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003990"
},
{
"db": "NVD",
"id": "CVE-2015-3961"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-167-01"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/75228"
},
{
"trust": 2.0,
"url": "http://www.garrettcom.com/techsupport/mns6k_r456_release_notes.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3961"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3961"
},
{
"trust": 0.3,
"url": "http://www.garrettcom.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04091"
},
{
"db": "VULHUB",
"id": "VHN-81922"
},
{
"db": "BID",
"id": "75228"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003990"
},
{
"db": "NVD",
"id": "CVE-2015-3961"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-462"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-04091"
},
{
"db": "VULHUB",
"id": "VHN-81922"
},
{
"db": "BID",
"id": "75228"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003990"
},
{
"db": "NVD",
"id": "CVE-2015-3961"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-462"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-06-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04091"
},
{
"date": "2015-08-04T00:00:00",
"db": "VULHUB",
"id": "VHN-81922"
},
{
"date": "2015-06-16T00:00:00",
"db": "BID",
"id": "75228"
},
{
"date": "2015-08-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003990"
},
{
"date": "2015-08-04T01:59:06.450000",
"db": "NVD",
"id": "CVE-2015-3961"
},
{
"date": "2015-06-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-462"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04091"
},
{
"date": "2016-12-06T00:00:00",
"db": "VULHUB",
"id": "VHN-81922"
},
{
"date": "2015-06-16T00:00:00",
"db": "BID",
"id": "75228"
},
{
"date": "2015-08-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003990"
},
{
"date": "2016-12-06T03:01:37.103000",
"db": "NVD",
"id": "CVE-2015-3961"
},
{
"date": "2015-08-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-462"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201506-462"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Belden GarrettCom Magnum 6K and Magnum 10K Runs on the switch MNS of Web Service disruption in server components (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003990"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201506-462"
}
],
"trust": 0.6
}
}
VAR-201508-0387
Vulnerability from variot - Updated: 2023-12-18 12:51Multiple cross-site scripting (XSS) vulnerabilities in the web-server component in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. GarrettCom Magnum 6K and 10K Switches are managed switches from GarrettCom, USA. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. The following products are vulnerable: Versions prior to Magnum 6K 4.5.6 Versions prior to Magnum 10K 4.5.6. web-server is one of the web server components
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0387",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "magnum 6k",
"scope": "lte",
"trust": 1.0,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 10k",
"scope": "lte",
"trust": 1.0,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 10k",
"scope": "lt",
"trust": 0.8,
"vendor": "garrettcom",
"version": "4.5.6"
},
{
"model": "magnum 6k",
"scope": "lt",
"trust": 0.8,
"vendor": "garrettcom",
"version": "4.5.6"
},
{
"model": "magnum 6k",
"scope": "eq",
"trust": 0.6,
"vendor": "garrettcom",
"version": "4.5.6"
},
{
"model": "magnum 10k",
"scope": "eq",
"trust": 0.6,
"vendor": "garrettcom",
"version": "4.5.6"
},
{
"model": "magnum 6k",
"scope": "eq",
"trust": 0.6,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 10k",
"scope": "eq",
"trust": 0.6,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 6k switches",
"scope": "eq",
"trust": 0.3,
"vendor": "garrettcom",
"version": "0"
},
{
"model": "magnum 10k switches",
"scope": "eq",
"trust": 0.3,
"vendor": "garrettcom",
"version": "0"
},
{
"model": "magnum 6k switches",
"scope": "ne",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.6"
},
{
"model": "magnum 10k switches",
"scope": "ne",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.6"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04092"
},
{
"db": "BID",
"id": "75227"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003987"
},
{
"db": "NVD",
"id": "CVE-2015-3942"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-463"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:garrettcom:magnum_10k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.5.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:garrettcom:magnum_6k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.5.5",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3942"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ashish Kamble of Qualys Security and Eireann Leverett",
"sources": [
{
"db": "BID",
"id": "75227"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-463"
}
],
"trust": 0.9
},
"cve": "CVE-2015-3942",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2015-3942",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2015-04092",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-81903",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-3942",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2015-04092",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201506-463",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-81903",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04092"
},
{
"db": "VULHUB",
"id": "VHN-81903"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003987"
},
{
"db": "NVD",
"id": "CVE-2015-3942"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-463"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site scripting (XSS) vulnerabilities in the web-server component in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. GarrettCom Magnum 6K and 10K Switches are managed switches from GarrettCom, USA. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. \nThe following products are vulnerable:\nVersions prior to Magnum 6K 4.5.6\nVersions prior to Magnum 10K 4.5.6. web-server is one of the web server components",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3942"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003987"
},
{
"db": "CNVD",
"id": "CNVD-2015-04092"
},
{
"db": "BID",
"id": "75227"
},
{
"db": "VULHUB",
"id": "VHN-81903"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-3942",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-15-167-01",
"trust": 2.8
},
{
"db": "BID",
"id": "75227",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003987",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201506-463",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-04092",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-81903",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04092"
},
{
"db": "VULHUB",
"id": "VHN-81903"
},
{
"db": "BID",
"id": "75227"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003987"
},
{
"db": "NVD",
"id": "CVE-2015-3942"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-463"
}
]
},
"id": "VAR-201508-0387",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04092"
},
{
"db": "VULHUB",
"id": "VHN-81903"
}
],
"trust": 1.325
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04092"
}
]
},
"last_update_date": "2023-12-18T12:51:40.844000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MNS6K R456 Release Notes",
"trust": 0.8,
"url": "http://www.garrettcom.com/techsupport/mns6k_r456_release_notes.pdf"
},
{
"title": "Patch for GarrettCom Magnum 6K and 10K Switches Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/60141"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04092"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003987"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81903"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003987"
},
{
"db": "NVD",
"id": "CVE-2015-3942"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-167-01"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/75227"
},
{
"trust": 1.7,
"url": "http://www.garrettcom.com/techsupport/mns6k_r456_release_notes.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3942"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3942"
},
{
"trust": 0.3,
"url": "http://www.garrettcom.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04092"
},
{
"db": "VULHUB",
"id": "VHN-81903"
},
{
"db": "BID",
"id": "75227"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003987"
},
{
"db": "NVD",
"id": "CVE-2015-3942"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-463"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-04092"
},
{
"db": "VULHUB",
"id": "VHN-81903"
},
{
"db": "BID",
"id": "75227"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003987"
},
{
"db": "NVD",
"id": "CVE-2015-3942"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-463"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04092"
},
{
"date": "2015-08-04T00:00:00",
"db": "VULHUB",
"id": "VHN-81903"
},
{
"date": "2015-06-16T00:00:00",
"db": "BID",
"id": "75227"
},
{
"date": "2015-08-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003987"
},
{
"date": "2015-08-04T01:59:03.297000",
"db": "NVD",
"id": "CVE-2015-3942"
},
{
"date": "2015-06-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-463"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04092"
},
{
"date": "2016-12-06T00:00:00",
"db": "VULHUB",
"id": "VHN-81903"
},
{
"date": "2015-06-16T00:00:00",
"db": "BID",
"id": "75227"
},
{
"date": "2015-08-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003987"
},
{
"date": "2016-12-06T03:01:28.210000",
"db": "NVD",
"id": "CVE-2015-3942"
},
{
"date": "2015-08-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-463"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201506-463"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Belden GarrettCom Magnum 6K and Magnum 10K Runs on the switch MNS of Web Server component cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003987"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201506-463"
}
],
"trust": 0.6
}
}
VAR-201508-0389
Vulnerability from variot - Updated: 2023-12-18 12:51The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches uses hardcoded RSA private keys and certificates across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms for HTTPS sessions by leveraging knowledge of a private key from another installation. GarrettCom Magnum 6K and 10K Switches are managed switches from GarrettCom, USA. An information disclosure vulnerability exists in GarrettCom Magnum 6K and 10K Switches that allows remote attackers to exploit vulnerabilities to gain unauthorized access to devices through sensitive information. An attacker can exploit this issue to gain unauthorized access to the affected device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0389",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "magnum 6k",
"scope": "lte",
"trust": 1.0,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 10k",
"scope": "lte",
"trust": 1.0,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 10k",
"scope": "lt",
"trust": 0.8,
"vendor": "garrettcom",
"version": "4.5.6"
},
{
"model": "magnum 6k",
"scope": "lt",
"trust": 0.8,
"vendor": "garrettcom",
"version": "4.5.6"
},
{
"model": "magnum 6k",
"scope": null,
"trust": 0.6,
"vendor": "garrettcom",
"version": null
},
{
"model": "magnum 10k",
"scope": null,
"trust": 0.6,
"vendor": "garrettcom",
"version": null
},
{
"model": "magnum 6k",
"scope": "eq",
"trust": 0.6,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 10k",
"scope": "eq",
"trust": 0.6,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 6kq",
"scope": "eq",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 6km",
"scope": "eq",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 6kl",
"scope": "eq",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 6k8",
"scope": "eq",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 6k32",
"scope": "eq",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 6k25",
"scope": "eq",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 6k16",
"scope": "eq",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 10kt",
"scope": "eq",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 10kg",
"scope": "eq",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 6kq",
"scope": "ne",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.6"
},
{
"model": "magnum 6km",
"scope": "ne",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.6"
},
{
"model": "magnum 6kl",
"scope": "ne",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.6"
},
{
"model": "magnum 6k8",
"scope": "ne",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.6"
},
{
"model": "magnum 6k32",
"scope": "ne",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.6"
},
{
"model": "magnum 6k25",
"scope": "ne",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.6"
},
{
"model": "magnum 6k16",
"scope": "ne",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.6"
},
{
"model": "magnum 10kt",
"scope": "ne",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.6"
},
{
"model": "magnum 10kg",
"scope": "ne",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.6"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04075"
},
{
"db": "BID",
"id": "75236"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003989"
},
{
"db": "NVD",
"id": "CVE-2015-3960"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-459"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:garrettcom:magnum_6k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.5.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:garrettcom:magnum_10k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.5.5",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3960"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ashish Kamble of Qualys Security and Eireann Leverett",
"sources": [
{
"db": "BID",
"id": "75236"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-459"
}
],
"trust": 0.9
},
"cve": "CVE-2015-3960",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-3960",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-04075",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-81921",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-3960",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2015-04075",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201506-459",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-81921",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-3960",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04075"
},
{
"db": "VULHUB",
"id": "VHN-81921"
},
{
"db": "VULMON",
"id": "CVE-2015-3960"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003989"
},
{
"db": "NVD",
"id": "CVE-2015-3960"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-459"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches uses hardcoded RSA private keys and certificates across different customers\u0027 installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms for HTTPS sessions by leveraging knowledge of a private key from another installation. GarrettCom Magnum 6K and 10K Switches are managed switches from GarrettCom, USA. An information disclosure vulnerability exists in GarrettCom Magnum 6K and 10K Switches that allows remote attackers to exploit vulnerabilities to gain unauthorized access to devices through sensitive information. \nAn attacker can exploit this issue to gain unauthorized access to the affected device",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3960"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003989"
},
{
"db": "CNVD",
"id": "CNVD-2015-04075"
},
{
"db": "BID",
"id": "75236"
},
{
"db": "VULHUB",
"id": "VHN-81921"
},
{
"db": "VULMON",
"id": "CVE-2015-3960"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-3960",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-15-167-01",
"trust": 2.9
},
{
"db": "BID",
"id": "75236",
"trust": 2.7
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003989",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201506-459",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-04075",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-81921",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-3960",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04075"
},
{
"db": "VULHUB",
"id": "VHN-81921"
},
{
"db": "VULMON",
"id": "CVE-2015-3960"
},
{
"db": "BID",
"id": "75236"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003989"
},
{
"db": "NVD",
"id": "CVE-2015-3960"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-459"
}
]
},
"id": "VAR-201508-0389",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04075"
},
{
"db": "VULHUB",
"id": "VHN-81921"
}
],
"trust": 1.325
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04075"
}
]
},
"last_update_date": "2023-12-18T12:51:40.808000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MNS6K R456 Release Notes",
"trust": 0.8,
"url": "http://www.garrettcom.com/techsupport/mns6k_r456_release_notes.pdf"
},
{
"title": "GarrettCom Magnum 6K and 10K Switches Information Disclosure Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/60105"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04075"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003989"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81921"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003989"
},
{
"db": "NVD",
"id": "CVE-2015-3960"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-167-01"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/75236"
},
{
"trust": 2.1,
"url": "http://www.garrettcom.com/techsupport/mns6k_r456_release_notes.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3960"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3960"
},
{
"trust": 0.3,
"url": "http://www.garrettcom.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/310.html"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39397"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04075"
},
{
"db": "VULHUB",
"id": "VHN-81921"
},
{
"db": "VULMON",
"id": "CVE-2015-3960"
},
{
"db": "BID",
"id": "75236"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003989"
},
{
"db": "NVD",
"id": "CVE-2015-3960"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-459"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-04075"
},
{
"db": "VULHUB",
"id": "VHN-81921"
},
{
"db": "VULMON",
"id": "CVE-2015-3960"
},
{
"db": "BID",
"id": "75236"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003989"
},
{
"db": "NVD",
"id": "CVE-2015-3960"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-459"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-06-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04075"
},
{
"date": "2015-08-04T00:00:00",
"db": "VULHUB",
"id": "VHN-81921"
},
{
"date": "2015-08-04T00:00:00",
"db": "VULMON",
"id": "CVE-2015-3960"
},
{
"date": "2015-06-16T00:00:00",
"db": "BID",
"id": "75236"
},
{
"date": "2015-08-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003989"
},
{
"date": "2015-08-04T01:59:05.513000",
"db": "NVD",
"id": "CVE-2015-3960"
},
{
"date": "2015-06-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-459"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-06-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04075"
},
{
"date": "2016-12-06T00:00:00",
"db": "VULHUB",
"id": "VHN-81921"
},
{
"date": "2016-12-06T00:00:00",
"db": "VULMON",
"id": "CVE-2015-3960"
},
{
"date": "2015-06-16T00:00:00",
"db": "BID",
"id": "75236"
},
{
"date": "2015-08-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003989"
},
{
"date": "2016-12-06T03:01:36.027000",
"db": "NVD",
"id": "CVE-2015-3960"
},
{
"date": "2015-08-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-459"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201506-459"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Belden GarrettCom Magnum 6K and Magnum 10K Runs on the switch MNS In the firmware HTTPS Vulnerability that breaks the encryption protection mechanism of a session",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003989"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201506-459"
}
],
"trust": 0.6
}
}
VAR-201508-0388
Vulnerability from variot - Updated: 2023-12-18 12:51The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches has a hardcoded serial-console password for a privileged account, which might allow physically proximate attackers to obtain access by establishing a console session to a nonstandard installation on which this account is enabled, and leveraging knowledge of this password. Supplementary information : CWE Vulnerability type by CWE-798: Use of Hard-coded Credentials ( Using hard-coded credentials ) Has been identified. GarrettCom Magnum 6K and 10K Switches are managed switches from GarrettCom, USA. A security vulnerability exists in GarrettCom Magnum 6K and 10K Switches that allows a local attacker to exploit a vulnerability to bypass security restrictions and perform unauthorized operations. An attacker in physical proximity could exploit this vulnerability to gain access with the enablement of this privileged account and a known password
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0388",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "magnum 6k",
"scope": "lte",
"trust": 1.0,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 10k",
"scope": "lte",
"trust": 1.0,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 10k",
"scope": "lt",
"trust": 0.8,
"vendor": "garrettcom",
"version": "4.5.6"
},
{
"model": "magnum 6k",
"scope": "lt",
"trust": 0.8,
"vendor": "garrettcom",
"version": "4.5.6"
},
{
"model": "magnum 6k",
"scope": null,
"trust": 0.6,
"vendor": "garrettcom",
"version": null
},
{
"model": "magnum 10k",
"scope": null,
"trust": 0.6,
"vendor": "garrettcom",
"version": null
},
{
"model": "magnum 6k",
"scope": "eq",
"trust": 0.6,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 10k",
"scope": "eq",
"trust": 0.6,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 6kq",
"scope": "eq",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 6km",
"scope": "eq",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 6kl",
"scope": "eq",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 6k8",
"scope": "eq",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 6k32",
"scope": "eq",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 6k25",
"scope": "eq",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 6k16",
"scope": "eq",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 10kt",
"scope": "eq",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 10kg",
"scope": "eq",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 6kq",
"scope": "ne",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.6"
},
{
"model": "magnum 6km",
"scope": "ne",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.6"
},
{
"model": "magnum 6kl",
"scope": "ne",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.6"
},
{
"model": "magnum 6k8",
"scope": "ne",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.6"
},
{
"model": "magnum 6k32",
"scope": "ne",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.6"
},
{
"model": "magnum 6k25",
"scope": "ne",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.6"
},
{
"model": "magnum 6k16",
"scope": "ne",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.6"
},
{
"model": "magnum 10kt",
"scope": "ne",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.6"
},
{
"model": "magnum 10kg",
"scope": "ne",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.6"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04090"
},
{
"db": "BID",
"id": "75235"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003988"
},
{
"db": "NVD",
"id": "CVE-2015-3959"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-460"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:garrettcom:magnum_6k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.5.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:garrettcom:magnum_10k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.5.5",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3959"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ashish Kamble of Qualys Security and Eireann Leverett",
"sources": [
{
"db": "BID",
"id": "75235"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-460"
}
],
"trust": 0.9
},
"cve": "CVE-2015-3959",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2015-3959",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.4,
"id": "CNVD-2015-04090",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-81920",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-3959",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-04090",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201506-460",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-81920",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04090"
},
{
"db": "VULHUB",
"id": "VHN-81920"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003988"
},
{
"db": "NVD",
"id": "CVE-2015-3959"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-460"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches has a hardcoded serial-console password for a privileged account, which might allow physically proximate attackers to obtain access by establishing a console session to a nonstandard installation on which this account is enabled, and leveraging knowledge of this password. Supplementary information : CWE Vulnerability type by CWE-798: Use of Hard-coded Credentials ( Using hard-coded credentials ) Has been identified. GarrettCom Magnum 6K and 10K Switches are managed switches from GarrettCom, USA. A security vulnerability exists in GarrettCom Magnum 6K and 10K Switches that allows a local attacker to exploit a vulnerability to bypass security restrictions and perform unauthorized operations. An attacker in physical proximity could exploit this vulnerability to gain access with the enablement of this privileged account and a known password",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3959"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003988"
},
{
"db": "CNVD",
"id": "CNVD-2015-04090"
},
{
"db": "BID",
"id": "75235"
},
{
"db": "VULHUB",
"id": "VHN-81920"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-3959",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-15-167-01",
"trust": 2.8
},
{
"db": "BID",
"id": "75235",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003988",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201506-460",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-04090",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-81920",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04090"
},
{
"db": "VULHUB",
"id": "VHN-81920"
},
{
"db": "BID",
"id": "75235"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003988"
},
{
"db": "NVD",
"id": "CVE-2015-3959"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-460"
}
]
},
"id": "VAR-201508-0388",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04090"
},
{
"db": "VULHUB",
"id": "VHN-81920"
}
],
"trust": 1.325
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04090"
}
]
},
"last_update_date": "2023-12-18T12:51:40.774000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MNS6K R456 Release Notes",
"trust": 0.8,
"url": "http://www.garrettcom.com/techsupport/mns6k_r456_release_notes.pdf"
},
{
"title": "GarrettCom Magnum 6K and 10K Switches Local Security Bypass Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/60143"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04090"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003988"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003988"
},
{
"db": "NVD",
"id": "CVE-2015-3959"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-167-01"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/75235"
},
{
"trust": 2.0,
"url": "http://www.garrettcom.com/techsupport/mns6k_r456_release_notes.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3959"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3959"
},
{
"trust": 0.3,
"url": "http://www.garrettcom.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04090"
},
{
"db": "VULHUB",
"id": "VHN-81920"
},
{
"db": "BID",
"id": "75235"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003988"
},
{
"db": "NVD",
"id": "CVE-2015-3959"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-460"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-04090"
},
{
"db": "VULHUB",
"id": "VHN-81920"
},
{
"db": "BID",
"id": "75235"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003988"
},
{
"db": "NVD",
"id": "CVE-2015-3959"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-460"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-06-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04090"
},
{
"date": "2015-08-04T00:00:00",
"db": "VULHUB",
"id": "VHN-81920"
},
{
"date": "2015-06-16T00:00:00",
"db": "BID",
"id": "75235"
},
{
"date": "2015-08-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003988"
},
{
"date": "2015-08-04T01:59:04.407000",
"db": "NVD",
"id": "CVE-2015-3959"
},
{
"date": "2015-06-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-460"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04090"
},
{
"date": "2016-12-06T00:00:00",
"db": "VULHUB",
"id": "VHN-81920"
},
{
"date": "2015-06-16T00:00:00",
"db": "BID",
"id": "75235"
},
{
"date": "2015-08-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003988"
},
{
"date": "2016-12-06T03:01:34.977000",
"db": "NVD",
"id": "CVE-2015-3959"
},
{
"date": "2015-08-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-460"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "75235"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-460"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Belden GarrettCom Magnum 6K and Magnum 10K Runs on the switch MNS Vulnerabilities in which access rights can be obtained in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003988"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201506-460"
}
],
"trust": 0.6
}
}
CVE-2015-3961 (GCVE-0-2015-3961)
Vulnerability from nvd – Published: 2015-08-04 01:00 – Updated: 2024-08-06 06:04
VLAI
Summary
The web-server component in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches allows remote authenticated users to cause a denial of service (memory corruption and reboot) via a crafted URL.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/75228 | vdb-entryx_refsource_BID |
| http://www.garrettcom.com/techsupport/MNS6K_R456_… | x_refsource_CONFIRM |
| https://ics-cert.us-cert.gov/advisories/ICSA-15-167-01 | x_refsource_MISC |
Date Public
2015-06-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:04:01.175Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "75228",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75228"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.garrettcom.com/techsupport/MNS6K_R456_Release_Notes.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-167-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The web-server component in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches allows remote authenticated users to cause a denial of service (memory corruption and reboot) via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-02T20:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "75228",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75228"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.garrettcom.com/techsupport/MNS6K_R456_Release_Notes.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-167-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2015-3961",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web-server component in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches allows remote authenticated users to cause a denial of service (memory corruption and reboot) via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "75228",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75228"
},
{
"name": "http://www.garrettcom.com/techsupport/MNS6K_R456_Release_Notes.pdf",
"refsource": "CONFIRM",
"url": "http://www.garrettcom.com/techsupport/MNS6K_R456_Release_Notes.pdf"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-167-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-167-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2015-3961",
"datePublished": "2015-08-04T01:00:00.000Z",
"dateReserved": "2015-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T06:04:01.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3960 (GCVE-0-2015-3960)
Vulnerability from nvd – Published: 2015-08-04 01:00 – Updated: 2024-08-06 06:04
VLAI
Summary
The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches uses hardcoded RSA private keys and certificates across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms for HTTPS sessions by leveraging knowledge of a private key from another installation.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/75236 | vdb-entryx_refsource_BID |
| http://www.garrettcom.com/techsupport/MNS6K_R456_… | x_refsource_CONFIRM |
| https://ics-cert.us-cert.gov/advisories/ICSA-15-167-01 | x_refsource_MISC |
Date Public
2015-06-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:04:01.020Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "75236",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75236"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.garrettcom.com/techsupport/MNS6K_R456_Release_Notes.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-167-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches uses hardcoded RSA private keys and certificates across different customers\u0027 installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms for HTTPS sessions by leveraging knowledge of a private key from another installation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-02T20:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "75236",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75236"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.garrettcom.com/techsupport/MNS6K_R456_Release_Notes.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-167-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2015-3960",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches uses hardcoded RSA private keys and certificates across different customers\u0027 installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms for HTTPS sessions by leveraging knowledge of a private key from another installation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "75236",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75236"
},
{
"name": "http://www.garrettcom.com/techsupport/MNS6K_R456_Release_Notes.pdf",
"refsource": "CONFIRM",
"url": "http://www.garrettcom.com/techsupport/MNS6K_R456_Release_Notes.pdf"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-167-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-167-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2015-3960",
"datePublished": "2015-08-04T01:00:00.000Z",
"dateReserved": "2015-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T06:04:01.020Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3959 (GCVE-0-2015-3959)
Vulnerability from nvd – Published: 2015-08-04 01:00 – Updated: 2024-08-06 06:04
VLAI
Summary
The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches has a hardcoded serial-console password for a privileged account, which might allow physically proximate attackers to obtain access by establishing a console session to a nonstandard installation on which this account is enabled, and leveraging knowledge of this password.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/75235 | vdb-entryx_refsource_BID |
| http://www.garrettcom.com/techsupport/MNS6K_R456_… | x_refsource_CONFIRM |
| https://ics-cert.us-cert.gov/advisories/ICSA-15-167-01 | x_refsource_MISC |
Date Public
2015-06-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:04:01.149Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "75235",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75235"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.garrettcom.com/techsupport/MNS6K_R456_Release_Notes.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-167-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches has a hardcoded serial-console password for a privileged account, which might allow physically proximate attackers to obtain access by establishing a console session to a nonstandard installation on which this account is enabled, and leveraging knowledge of this password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-02T20:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "75235",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75235"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.garrettcom.com/techsupport/MNS6K_R456_Release_Notes.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-167-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2015-3959",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches has a hardcoded serial-console password for a privileged account, which might allow physically proximate attackers to obtain access by establishing a console session to a nonstandard installation on which this account is enabled, and leveraging knowledge of this password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "75235",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75235"
},
{
"name": "http://www.garrettcom.com/techsupport/MNS6K_R456_Release_Notes.pdf",
"refsource": "CONFIRM",
"url": "http://www.garrettcom.com/techsupport/MNS6K_R456_Release_Notes.pdf"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-167-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-167-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2015-3959",
"datePublished": "2015-08-04T01:00:00.000Z",
"dateReserved": "2015-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T06:04:01.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3942 (GCVE-0-2015-3942)
Vulnerability from nvd – Published: 2015-08-04 01:00 – Updated: 2024-08-06 06:04
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the web-server component in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/75227 | vdb-entryx_refsource_BID |
| http://www.garrettcom.com/techsupport/MNS6K_R456_… | x_refsource_CONFIRM |
| https://ics-cert.us-cert.gov/advisories/ICSA-15-167-01 | x_refsource_MISC |
Date Public
2015-06-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:04:00.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "75227",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75227"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.garrettcom.com/techsupport/MNS6K_R456_Release_Notes.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-167-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the web-server component in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-02T20:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "75227",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75227"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.garrettcom.com/techsupport/MNS6K_R456_Release_Notes.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-167-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2015-3942",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the web-server component in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "75227",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75227"
},
{
"name": "http://www.garrettcom.com/techsupport/MNS6K_R456_Release_Notes.pdf",
"refsource": "CONFIRM",
"url": "http://www.garrettcom.com/techsupport/MNS6K_R456_Release_Notes.pdf"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-167-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-167-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2015-3942",
"datePublished": "2015-08-04T01:00:00.000Z",
"dateReserved": "2015-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T06:04:00.988Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3014 (GCVE-0-2012-3014)
Vulnerability from nvd – Published: 2012-09-04 10:00 – Updated: 2024-09-17 00:40
VLAI
Summary
The Management Software application in GarrettCom Magnum MNS-6K before 4.4.0, and 14.x before 14.4.0, has a hardcoded password for an administrative account, which allows local users to gain privileges via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.garrettcom.com/techsupport/6k_dl/6k440… | x_refsource_MISC |
| http://www.us-cert.gov/control_systems/pdf/ICSA-1… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:50:05.525Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.garrettcom.com/techsupport/6k_dl/6k440_rn.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-243-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Management Software application in GarrettCom Magnum MNS-6K before 4.4.0, and 14.x before 14.4.0, has a hardcoded password for an administrative account, which allows local users to gain privileges via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-04T10:00:00.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.garrettcom.com/techsupport/6k_dl/6k440_rn.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-243-01.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2012-3014",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Management Software application in GarrettCom Magnum MNS-6K before 4.4.0, and 14.x before 14.4.0, has a hardcoded password for an administrative account, which allows local users to gain privileges via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.garrettcom.com/techsupport/6k_dl/6k440_rn.pdf",
"refsource": "MISC",
"url": "http://www.garrettcom.com/techsupport/6k_dl/6k440_rn.pdf"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-243-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-243-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2012-3014",
"datePublished": "2012-09-04T10:00:00.000Z",
"dateReserved": "2012-05-30T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:40:44.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3942 (GCVE-0-2015-3942)
Vulnerability from cvelistv5 – Published: 2015-08-04 01:00 – Updated: 2024-08-06 06:04
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the web-server component in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/75227 | vdb-entryx_refsource_BID |
| http://www.garrettcom.com/techsupport/MNS6K_R456_… | x_refsource_CONFIRM |
| https://ics-cert.us-cert.gov/advisories/ICSA-15-167-01 | x_refsource_MISC |
Date Public
2015-06-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:04:00.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "75227",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75227"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.garrettcom.com/techsupport/MNS6K_R456_Release_Notes.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-167-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the web-server component in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-02T20:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "75227",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75227"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.garrettcom.com/techsupport/MNS6K_R456_Release_Notes.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-167-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2015-3942",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the web-server component in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "75227",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75227"
},
{
"name": "http://www.garrettcom.com/techsupport/MNS6K_R456_Release_Notes.pdf",
"refsource": "CONFIRM",
"url": "http://www.garrettcom.com/techsupport/MNS6K_R456_Release_Notes.pdf"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-167-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-167-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2015-3942",
"datePublished": "2015-08-04T01:00:00.000Z",
"dateReserved": "2015-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T06:04:00.988Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3959 (GCVE-0-2015-3959)
Vulnerability from cvelistv5 – Published: 2015-08-04 01:00 – Updated: 2024-08-06 06:04
VLAI
Summary
The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches has a hardcoded serial-console password for a privileged account, which might allow physically proximate attackers to obtain access by establishing a console session to a nonstandard installation on which this account is enabled, and leveraging knowledge of this password.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/75235 | vdb-entryx_refsource_BID |
| http://www.garrettcom.com/techsupport/MNS6K_R456_… | x_refsource_CONFIRM |
| https://ics-cert.us-cert.gov/advisories/ICSA-15-167-01 | x_refsource_MISC |
Date Public
2015-06-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:04:01.149Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "75235",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75235"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.garrettcom.com/techsupport/MNS6K_R456_Release_Notes.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-167-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches has a hardcoded serial-console password for a privileged account, which might allow physically proximate attackers to obtain access by establishing a console session to a nonstandard installation on which this account is enabled, and leveraging knowledge of this password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-02T20:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "75235",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75235"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.garrettcom.com/techsupport/MNS6K_R456_Release_Notes.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-167-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2015-3959",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches has a hardcoded serial-console password for a privileged account, which might allow physically proximate attackers to obtain access by establishing a console session to a nonstandard installation on which this account is enabled, and leveraging knowledge of this password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "75235",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75235"
},
{
"name": "http://www.garrettcom.com/techsupport/MNS6K_R456_Release_Notes.pdf",
"refsource": "CONFIRM",
"url": "http://www.garrettcom.com/techsupport/MNS6K_R456_Release_Notes.pdf"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-167-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-167-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2015-3959",
"datePublished": "2015-08-04T01:00:00.000Z",
"dateReserved": "2015-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T06:04:01.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3961 (GCVE-0-2015-3961)
Vulnerability from cvelistv5 – Published: 2015-08-04 01:00 – Updated: 2024-08-06 06:04
VLAI
Summary
The web-server component in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches allows remote authenticated users to cause a denial of service (memory corruption and reboot) via a crafted URL.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/75228 | vdb-entryx_refsource_BID |
| http://www.garrettcom.com/techsupport/MNS6K_R456_… | x_refsource_CONFIRM |
| https://ics-cert.us-cert.gov/advisories/ICSA-15-167-01 | x_refsource_MISC |
Date Public
2015-06-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:04:01.175Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "75228",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75228"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.garrettcom.com/techsupport/MNS6K_R456_Release_Notes.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-167-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The web-server component in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches allows remote authenticated users to cause a denial of service (memory corruption and reboot) via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-02T20:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "75228",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75228"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.garrettcom.com/techsupport/MNS6K_R456_Release_Notes.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-167-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2015-3961",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web-server component in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches allows remote authenticated users to cause a denial of service (memory corruption and reboot) via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "75228",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75228"
},
{
"name": "http://www.garrettcom.com/techsupport/MNS6K_R456_Release_Notes.pdf",
"refsource": "CONFIRM",
"url": "http://www.garrettcom.com/techsupport/MNS6K_R456_Release_Notes.pdf"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-167-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-167-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2015-3961",
"datePublished": "2015-08-04T01:00:00.000Z",
"dateReserved": "2015-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T06:04:01.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3960 (GCVE-0-2015-3960)
Vulnerability from cvelistv5 – Published: 2015-08-04 01:00 – Updated: 2024-08-06 06:04
VLAI
Summary
The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches uses hardcoded RSA private keys and certificates across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms for HTTPS sessions by leveraging knowledge of a private key from another installation.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/75236 | vdb-entryx_refsource_BID |
| http://www.garrettcom.com/techsupport/MNS6K_R456_… | x_refsource_CONFIRM |
| https://ics-cert.us-cert.gov/advisories/ICSA-15-167-01 | x_refsource_MISC |
Date Public
2015-06-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:04:01.020Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "75236",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75236"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.garrettcom.com/techsupport/MNS6K_R456_Release_Notes.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-167-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches uses hardcoded RSA private keys and certificates across different customers\u0027 installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms for HTTPS sessions by leveraging knowledge of a private key from another installation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-02T20:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "75236",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75236"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.garrettcom.com/techsupport/MNS6K_R456_Release_Notes.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-167-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2015-3960",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches uses hardcoded RSA private keys and certificates across different customers\u0027 installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms for HTTPS sessions by leveraging knowledge of a private key from another installation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "75236",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75236"
},
{
"name": "http://www.garrettcom.com/techsupport/MNS6K_R456_Release_Notes.pdf",
"refsource": "CONFIRM",
"url": "http://www.garrettcom.com/techsupport/MNS6K_R456_Release_Notes.pdf"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-167-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-167-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2015-3960",
"datePublished": "2015-08-04T01:00:00.000Z",
"dateReserved": "2015-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T06:04:01.020Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3014 (GCVE-0-2012-3014)
Vulnerability from cvelistv5 – Published: 2012-09-04 10:00 – Updated: 2024-09-17 00:40
VLAI
Summary
The Management Software application in GarrettCom Magnum MNS-6K before 4.4.0, and 14.x before 14.4.0, has a hardcoded password for an administrative account, which allows local users to gain privileges via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.garrettcom.com/techsupport/6k_dl/6k440… | x_refsource_MISC |
| http://www.us-cert.gov/control_systems/pdf/ICSA-1… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:50:05.525Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.garrettcom.com/techsupport/6k_dl/6k440_rn.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-243-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Management Software application in GarrettCom Magnum MNS-6K before 4.4.0, and 14.x before 14.4.0, has a hardcoded password for an administrative account, which allows local users to gain privileges via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-04T10:00:00.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.garrettcom.com/techsupport/6k_dl/6k440_rn.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-243-01.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2012-3014",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Management Software application in GarrettCom Magnum MNS-6K before 4.4.0, and 14.x before 14.4.0, has a hardcoded password for an administrative account, which allows local users to gain privileges via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.garrettcom.com/techsupport/6k_dl/6k440_rn.pdf",
"refsource": "MISC",
"url": "http://www.garrettcom.com/techsupport/6k_dl/6k440_rn.pdf"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-243-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-243-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2012-3014",
"datePublished": "2012-09-04T10:00:00.000Z",
"dateReserved": "2012-05-30T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:40:44.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}