Lucene search

[email protected]NVD:CVE-2015-3959

HistoryAug 04, 2015 - 1:59 a.m.

CVE-2015-3959

2015-08-0401:59:04

[email protected]

web.nvd.nist.gov

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

21.3%

JSON

The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches has a hardcoded serial-console password for a privileged account, which might allow physically proximate attackers to obtain access by establishing a console session to a nonstandard installation on which this account is enabled, and leveraging knowledge of this password.

Affected configurations

NVD

Node

garrettcommagnum_10k_firmwareRange≤4.5.5

garrettcommagnum_6k_firmwareRange≤4.5.5

References

www.garrettcom.com/techsupport/MNS6K_R456_Release_Notes.pdf

www.securityfocus.com/bid/75235

ics-cert.us-cert.gov/advisories/ICSA-15-167-01

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

21.3%

JSON

Related for NVD:CVE-2015-3959

cve1 prion1 cvelist1 ics1