Lucene search
K

42 matches found

Prion
Prion
added 2015/08/04 1:59 a.m.15 views

Hardcoded credentials

The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches has a hardcoded serial-console password for a privileged account, which might allow physically proximate attackers to obtain access by establishing a console session to a nonstandard installation on which this...

7.2CVSS7.2AI score0.00377EPSS
Exploits0References3Affected Software2
Prion
Prion
added 2015/08/04 1:59 a.m.11 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the web-server component in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6AI score0.01487EPSS
Exploits0References3Affected Software2
CVE
CVE
added 2015/08/04 1:0 a.m.59 views

CVE-2015-3960

The CVE-2015-3960 issue affects Belden GarrettCom Magnum 6K/10K switches running MNS firmware prior to 4.5.6. The firmware contains hard-coded RSA private keys and certificates used for HTTPS/SSH, enabling remote attackers to defeat cryptographic protections by exploiting a private key from anoth...

4.3CVSS6.9AI score0.00883EPSS
Exploits0References3Affected Software2
CVE
CVE
added 2015/08/04 1:0 a.m.43 views

CVE-2015-3942

CVE-2015-3942 describes multiple XSS vulnerabilities in the web-server component of GarrettCom Magnum 6K and Magnum 10K switches running before version 4.5.6. The vulnerabilities allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Affected devices are GarrettCom...

4.3CVSS5.9AI score0.01487EPSS
Exploits0References3Affected Software2
CVE
CVE
added 2015/08/04 1:0 a.m.42 views

CVE-2015-3961

The CVE-2015-3961 vulnerability affects the web-server component of MNS on Belden GarrettCom Magnum 6K and Magnum 10K switches (before version 4.5.6). A remote authenticated attacker can trigger a denial of service via a crafted URL, causing memory corruption and a reboot. The issue is mitigated ...

3.5CVSS6.5AI score0.0126EPSS
Exploits0References3Affected Software2
Cvelist
Cvelist
added 2015/08/04 1:0 a.m.27 views

CVE-2015-3959

The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches has a hardcoded serial-console password for a privileged account, which might allow physically proximate attackers to obtain access by establishing a console session to a nonstandard installation on which this...

6.7AI score0.00377EPSS
Exploits0References3
Cvelist
Cvelist
added 2015/08/04 1:0 a.m.27 views

CVE-2015-3942

Multiple cross-site scripting XSS vulnerabilities in the web-server component in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

5.8AI score0.01487EPSS
Exploits0References3
Cvelist
Cvelist
added 2015/08/04 1:0 a.m.25 views

CVE-2015-3961

The web-server component in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches allows remote authenticated users to cause a denial of service memory corruption and reboot via a crafted URL...

6.3AI score0.0126EPSS
Exploits0References3
CVE
CVE
added 2015/08/04 1:0 a.m.52 views

CVE-2015-3959

The CVE-2015-3959 issue affects Belden GarrettCom Magnum 6K and Magnum 10K switches running MNS firmware prior to 4.5.6. The root cause is a hardcoded serial-console password for a privileged account, enabling a physically proximate attacker to gain access by connecting a console session to a non...

7.2CVSS6.9AI score0.00377EPSS
Exploits0References3Affected Software2
Cvelist
Cvelist
added 2015/08/04 1:0 a.m.26 views

CVE-2015-3960

The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches uses hardcoded RSA private keys and certificates across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms for HTTPS sessions by...

6.7AI score0.00883EPSS
Exploits0References3
CNVD
CNVD
added 2015/06/26 12:0 a.m.6 views

GarrettCom Magnum 6K and 10K Switches Local Security Bypass Vulnerability

GarrettCom Magnum 6K and 10K Switches are managed switches from GarrettCom USA. A security vulnerability exists in GarrettCom Magnum 6K and 10K Switches that allows a local attacker to bypass security restrictions and perform unauthorized operations...

7.2CVSS6.6AI score0.00377EPSS
Exploits0References1
CNVD
CNVD
added 2015/06/26 12:0 a.m.4 views

GarrettCom Magnum 6K and 10K Switches Information Disclosure Vulnerability

GarrettCom Magnum 6K and 10K Switches are managed switches from GarrettCom USA. An information disclosure vulnerability exists in GarrettCom Magnum 6K and 10K Switches, which allows remote attackers to exploit the vulnerability to gain unauthorized access to the devices via sensitive information...

4.3CVSS6.6AI score0.00883EPSS
Exploits0References1
CNVD
CNVD
added 2015/06/26 12:0 a.m.5 views

GarrettCom Magnum 6K and 10K Switches Cross-Site Scripting Vulnerability

GarrettCom Magnum 6K and 10K Switches are managed switches from GarrettCom USA. A cross-site scripting vulnerability exists in GarrettCom Magnum 6K and 10K Switches, which can be exploited by a remote attacker to construct a malicious URI and trick a user into parsing it, which can be used to...

4.3CVSS6.3AI score0.01487EPSS
Exploits0References1
CNVD
CNVD
added 2015/06/26 12:0 a.m.29 views

GarrettCom Magnum 6K and 10K Switches Remote Denial of Service Vulnerability

GarrettCom Magnum 6K and 10K Switches are managed switches from GarrettCom USA. A security vulnerability exists in the GarrettCom Magnum 6K and 10K Switches that allows remote attackers to exploit the vulnerability by submitting a special request to reload the device, resulting in a denial of...

3.5CVSS6.8AI score0.0126EPSS
Exploits0References1
ICS
ICS
added 2015/03/19 6:0 a.m.69 views

Schneider Electric StruxureWare Building Expert Plaintext Credentials Vulnerability

OVERVIEW Ashish Kamble of Qualys Security and Eireann Leverett have identified authentication, denial of service, and cross-site scripting vulnerabilities in GarrettCom’s Magnum 6k and Magnum 10k product lines. GarrettCom has produced new firmware versions to mitigate these vulnerabilities. Ashis...

5CVSS7.4AI score0.01487EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2013/06/24 12:0 a.m.11 views

GarrettCom Device Detection

Binary data 6911.prm...

7.3AI score
Exploits0
ThreatPost
ThreatPost
added 2012/09/05 1:51 p.m.16 views

Hard-Coded Password Leaves GarrettCom Switches Open to Attack, ICS-CERT Warns

The Department of Homeland Security is warning users of some of GarrettCom’s switches that there is a hard-coded password in a default account on the devices, which are deployed in a number of critical infrastructure industries, that could allow an attacker to take control of them. A researcher a...

2.3AI score
Exploits0References5
NVD
NVD
added 2012/09/04 11:4 a.m.19 views

CVE-2012-3014

The Management Software application in GarrettCom Magnum MNS-6K before 4.4.0, and 14.x before 14.4.0, has a hardcoded password for an administrative account, which allows local users to gain privileges via unspecified vectors...

7.7CVSS6.8AI score0.00433EPSS
Exploits0References2
Prion
Prion
added 2012/09/04 11:4 a.m.15 views

Hardcoded credentials

The Management Software application in GarrettCom Magnum MNS-6K before 4.4.0, and 14.x before 14.4.0, has a hardcoded password for an administrative account, which allows local users to gain privileges via unspecified vectors...

7.7CVSS7.3AI score0.00433EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2012/09/04 10:0 a.m.46 views

CVE-2012-3014

The CVE-2012-3014 entry concerns GarrettCom Magnum MNS-6K Management Software that uses a hardcoded administrative password. Affected versions are MNS-6K prior to 4.4.0 and 14.x prior to 14.4.0. Root cause: undocumented hardcoded credential enabling privilege escalation to administrative level fo...

7.7CVSS6.9AI score0.00433EPSS
Exploits0References2Affected Software2
Rows per page
Query Builder