Lucene search

[email protected]CVE-2015-3959

HistoryAug 04, 2015 - 1:59 a.m.

CVE-2015-3959

2015-08-0401:59:04

[email protected]

web.nvd.nist.gov

cve-2015-3959

firmware

mns

belden garrettcom magnum

switches

hardcoded password

privileged account

console session

security vulnerability

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

21.3%

JSON

The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches has a hardcoded serial-console password for a privileged account, which might allow physically proximate attackers to obtain access by establishing a console session to a nonstandard installation on which this account is enabled, and leveraging knowledge of this password.

Affected configurations

NVD

Node

garrettcommagnum_10k_firmwareRange≤4.5.5

garrettcommagnum_6k_firmwareRange≤4.5.5

CPENameOperatorVersion
garrettcom:magnum_10k_firmwaregarrettcom magnum 10k firmwarele4.5.5
garrettcom:magnum_6k_firmwaregarrettcom magnum 6k firmwarele4.5.5

CPE	Name	Operator	Version
garrettcom:magnum_10k_firmware	garrettcom magnum 10k firmware	le	4.5.5
garrettcom:magnum_6k_firmware	garrettcom magnum 6k firmware	le	4.5.5

References

www.garrettcom.com/techsupport/MNS6K_R456_Release_Notes.pdf

www.securityfocus.com/bid/75235

ics-cert.us-cert.gov/advisories/ICSA-15-167-01

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

21.3%

JSON

Related for CVE-2015-3959

prion1 nvd1 cvelist1 ics1