Lucene search

[email protected]CVE-2012-3014

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2012-3014

2022-10-0316:15:23

CWE-255

[email protected]

web.nvd.nist.gov

cve-2012-3014

management software

garrettcom magnum mns-6k

hardcoded password

administrative account

privilege escalation

nvd

7.7 High

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:S/C:C/I:C/A:C

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

0.4%

JSON

The Management Software application in GarrettCom Magnum MNS-6K before 4.4.0, and 14.x before 14.4.0, has a hardcoded password for an administrative account, which allows local users to gain privileges via unspecified vectors.

Affected configurations

NVD

Node

garrettcommagnum_managed_networks_software-6kRange≤4.3.1

garrettcommagnum_managed_networks_software-6kMatch4.2

garrettcommagnum_managed_networks_software-6kMatch4.2.1

garrettcommagnum_managed_networks_software-6kMatch4.3.0

garrettcommagnum_managed_networks_software-6k_secureMatch14.2

garrettcommagnum_managed_networks_software-6k_secureMatch14.2.1

garrettcommagnum_managed_networks_software-6k_secureMatch14.3.0

garrettcommagnum_managed_networks_software-6k_secureMatch14.3.1

CPENameOperatorVersion
garrettcom:magnum_managed_networks_software-6kgarrettcom magnum managed networks software-6kle4.3.1
garrettcom:magnum_managed_networks_software-6kgarrettcom magnum managed networks software-6keq4.2
garrettcom:magnum_managed_networks_software-6kgarrettcom magnum managed networks software-6keq4.2.1
garrettcom:magnum_managed_networks_software-6kgarrettcom magnum managed networks software-6keq4.3.0
garrettcom:magnum_managed_networks_software-6k_securegarrettcom magnum managed networks software-6k secureeq14.2
garrettcom:magnum_managed_networks_software-6k_securegarrettcom magnum managed networks software-6k secureeq14.2.1
garrettcom:magnum_managed_networks_software-6k_securegarrettcom magnum managed networks software-6k secureeq14.3.0
garrettcom:magnum_managed_networks_software-6k_securegarrettcom magnum managed networks software-6k secureeq14.3.1

CPE	Name	Operator	Version
garrettcom:magnum_managed_networks_software-6k	garrettcom magnum managed networks software-6k	le	4.3.1
garrettcom:magnum_managed_networks_software-6k	garrettcom magnum managed networks software-6k	eq	4.2
garrettcom:magnum_managed_networks_software-6k	garrettcom magnum managed networks software-6k	eq	4.2.1
garrettcom:magnum_managed_networks_software-6k	garrettcom magnum managed networks software-6k	eq	4.3.0
garrettcom:magnum_managed_networks_software-6k_secure	garrettcom magnum managed networks software-6k secure	eq	14.2
garrettcom:magnum_managed_networks_software-6k_secure	garrettcom magnum managed networks software-6k secure	eq	14.2.1
garrettcom:magnum_managed_networks_software-6k_secure	garrettcom magnum managed networks software-6k secure	eq	14.3.0
garrettcom:magnum_managed_networks_software-6k_secure	garrettcom magnum managed networks software-6k secure	eq	14.3.1

References

www.garrettcom.com/techsupport/6k_dl/6k440_rn.pdf

www.us-cert.gov/control_systems/pdf/ICSA-12-243-01.pdf

7.7 High

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:S/C:C/I:C/A:C

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

0.4%

JSON

Related for CVE-2012-3014

nvd1 prion1 cvelist1 ics1