Lucene search

[email protected]CVE-2015-3960

HistoryAug 04, 2015 - 1:59 a.m.

CVE-2015-3960

2015-08-0401:59:05

CWE-310

[email protected]

web.nvd.nist.gov

cve-2015-3960

firmware

mns

belden garrettcom

magnum 6k

magnum 10k

rsa

private keys

certificates

cryptographic protection

https

remote attackers

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.9 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

58.9%

JSON

The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches uses hardcoded RSA private keys and certificates across different customers’ installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms for HTTPS sessions by leveraging knowledge of a private key from another installation.

Affected configurations

NVD

Node

garrettcommagnum_10k_firmwareRange≤4.5.5

garrettcommagnum_6k_firmwareRange≤4.5.5

CPENameOperatorVersion
garrettcom:magnum_10k_firmwaregarrettcom magnum 10k firmwarele4.5.5
garrettcom:magnum_6k_firmwaregarrettcom magnum 6k firmwarele4.5.5

CPE	Name	Operator	Version
garrettcom:magnum_10k_firmware	garrettcom magnum 10k firmware	le	4.5.5
garrettcom:magnum_6k_firmware	garrettcom magnum 6k firmware	le	4.5.5

References

www.garrettcom.com/techsupport/MNS6K_R456_Release_Notes.pdf

www.securityfocus.com/bid/75236

ics-cert.us-cert.gov/advisories/ICSA-15-167-01

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.9 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

58.9%

JSON

Related for CVE-2015-3960

prion1 cvelist1 nvd1 ics1