42 matches found
Hardcoded credentials
The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches has a hardcoded serial-console password for a privileged account, which might allow physically proximate attackers to obtain access by establishing a console session to a nonstandard installation on which this...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the web-server component in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2015-3960
The CVE-2015-3960 issue affects Belden GarrettCom Magnum 6K/10K switches running MNS firmware prior to 4.5.6. The firmware contains hard-coded RSA private keys and certificates used for HTTPS/SSH, enabling remote attackers to defeat cryptographic protections by exploiting a private key from anoth...
CVE-2015-3942
CVE-2015-3942 describes multiple XSS vulnerabilities in the web-server component of GarrettCom Magnum 6K and Magnum 10K switches running before version 4.5.6. The vulnerabilities allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Affected devices are GarrettCom...
CVE-2015-3961
The CVE-2015-3961 vulnerability affects the web-server component of MNS on Belden GarrettCom Magnum 6K and Magnum 10K switches (before version 4.5.6). A remote authenticated attacker can trigger a denial of service via a crafted URL, causing memory corruption and a reboot. The issue is mitigated ...
CVE-2015-3959
The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches has a hardcoded serial-console password for a privileged account, which might allow physically proximate attackers to obtain access by establishing a console session to a nonstandard installation on which this...
CVE-2015-3942
Multiple cross-site scripting XSS vulnerabilities in the web-server component in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2015-3961
The web-server component in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches allows remote authenticated users to cause a denial of service memory corruption and reboot via a crafted URL...
CVE-2015-3959
The CVE-2015-3959 issue affects Belden GarrettCom Magnum 6K and Magnum 10K switches running MNS firmware prior to 4.5.6. The root cause is a hardcoded serial-console password for a privileged account, enabling a physically proximate attacker to gain access by connecting a console session to a non...
CVE-2015-3960
The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches uses hardcoded RSA private keys and certificates across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms for HTTPS sessions by...
GarrettCom Magnum 6K and 10K Switches Local Security Bypass Vulnerability
GarrettCom Magnum 6K and 10K Switches are managed switches from GarrettCom USA. A security vulnerability exists in GarrettCom Magnum 6K and 10K Switches that allows a local attacker to bypass security restrictions and perform unauthorized operations...
GarrettCom Magnum 6K and 10K Switches Information Disclosure Vulnerability
GarrettCom Magnum 6K and 10K Switches are managed switches from GarrettCom USA. An information disclosure vulnerability exists in GarrettCom Magnum 6K and 10K Switches, which allows remote attackers to exploit the vulnerability to gain unauthorized access to the devices via sensitive information...
GarrettCom Magnum 6K and 10K Switches Cross-Site Scripting Vulnerability
GarrettCom Magnum 6K and 10K Switches are managed switches from GarrettCom USA. A cross-site scripting vulnerability exists in GarrettCom Magnum 6K and 10K Switches, which can be exploited by a remote attacker to construct a malicious URI and trick a user into parsing it, which can be used to...
GarrettCom Magnum 6K and 10K Switches Remote Denial of Service Vulnerability
GarrettCom Magnum 6K and 10K Switches are managed switches from GarrettCom USA. A security vulnerability exists in the GarrettCom Magnum 6K and 10K Switches that allows remote attackers to exploit the vulnerability by submitting a special request to reload the device, resulting in a denial of...
Schneider Electric StruxureWare Building Expert Plaintext Credentials Vulnerability
OVERVIEW Ashish Kamble of Qualys Security and Eireann Leverett have identified authentication, denial of service, and cross-site scripting vulnerabilities in GarrettCom’s Magnum 6k and Magnum 10k product lines. GarrettCom has produced new firmware versions to mitigate these vulnerabilities. Ashis...
GarrettCom Device Detection
Binary data 6911.prm...
Hard-Coded Password Leaves GarrettCom Switches Open to Attack, ICS-CERT Warns
The Department of Homeland Security is warning users of some of GarrettCom’s switches that there is a hard-coded password in a default account on the devices, which are deployed in a number of critical infrastructure industries, that could allow an attacker to take control of them. A researcher a...
CVE-2012-3014
The Management Software application in GarrettCom Magnum MNS-6K before 4.4.0, and 14.x before 14.4.0, has a hardcoded password for an administrative account, which allows local users to gain privileges via unspecified vectors...
Hardcoded credentials
The Management Software application in GarrettCom Magnum MNS-6K before 4.4.0, and 14.x before 14.4.0, has a hardcoded password for an administrative account, which allows local users to gain privileges via unspecified vectors...
CVE-2012-3014
The CVE-2012-3014 entry concerns GarrettCom Magnum MNS-6K Management Software that uses a hardcoded administrative password. Affected versions are MNS-6K prior to 4.4.0 and 14.x prior to 14.4.0. Root cause: undocumented hardcoded credential enabling privilege escalation to administrative level fo...