61 matches found
GE MultiLink Series Hard-coded Credential Vulnerability
OVERVIEW GE has identified a hard-coded credential vulnerability in GE’s MultiLink series managed switches. GE has produced new firmware versions to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS The following MultiLink products are affected: GE ML8...
Multiple GE Switches Cross-Site Scripting Vulnerability
GE Multilink ML800 and others are Ethernet switch products from General Electric GE. A cross-site scripting vulnerability exists in multiple GE switches. A remote attacker can exploit the vulnerability to inject arbitrary web script or HTML...
GE Multilink Switch Vulnerabilities (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-15-013-04 GE MultiLink Switch Vulnerabilities that was published January 13, 2015, on the NCCIC/ICS-CERT web site. --------- Begin Update A Part 1 of 3 -------- Eireann Leverett of IOActive has identified three...
CVE-2014-5419
GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier use the same RSA private key across different customers' installations, which makes it easier for remote attackers to obtain the...
CVE-2014-5418
GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier allow remote attackers to cause a denial of service resource consumption or reboot via crafted packets...
Code injection
GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier use the same RSA private key across different customers' installations, which makes it easier for remote attackers to obtain the...
CVE-2014-5419 GE Multilink Use of Hard-coded Cryptographic Key
GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier use the same RSA private key across different customers' installations, which makes it easier for remote attackers to obtain the...
CVE-2014-5418 GE Multilink Uncontrolled Resource Consumption
GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier allow remote attackers to cause a denial of service resource consumption or reboot via crafted packets...
CVE-2014-5418
CVE-2014-5418 affects GE Multilink ML800/ML1200/ML1600/ML2400 (firmware 4.2.1 and earlier) and ML810/ML3000/ML3100 (firmware 5.2.0 and earlier). The vulnerability enables remote attackers to cause a denial of service by sending crafted packets that exhaust resources or reboot the switch. The ICS-...
CVE-2014-5419
CVE-2014-5419 affects GE Multilink switches (ML800/1200/1600/2400 on firmware 4.2.1 and earlier; ML810/3000/3100 on firmware 5.2.0 and earlier). Root cause: use of the same RSA private key across installations, enabling an attacker to decrypt SSL traffic by extracting the key from firmware. Impac...
General Electric(GE)industrial control switches exposed high-risk vulnerabilities-vulnerability warning-the black bar safety net
Security researchers recently in the General Electric(GE MultiLink ML800 series switches found on the 2 high-risk vulnerabilities, an attacker can exploit the vulnerability in the case of unauthorized crack of network traffic and to launch a DOS attack. Discover vulnerabilities The MultiLink ML80...
CVE-2012-5589
The MultiLink module 6.x-2.x before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal does not properly check node permissions when generating an in-content link, which allows remote authenticated users with text-editing permissions to read arbitrary node titles via a generated link...
Code injection
The MultiLink module 6.x-2.x before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal does not properly check node permissions when generating an in-content link, which allows remote authenticated users with text-editing permissions to read arbitrary node titles via a generated link...
CVE-2012-5589
The CVE-2012-5589 entry concerns the Drupal MultiLink module (versions 6.x-2.x before 6.x-2.7 and 7.x-2.x before 7.x-2.7) which does not properly enforce node-access checks when generating in-content links. This allows remote authenticated users with text-editing permissions to read arbitrary nod...
CVE-2012-5589
The MultiLink module 6.x-2.x before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal does not properly check node permissions when generating an in-content link, which allows remote authenticated users with text-editing permissions to read arbitrary node titles via a generated link...
SA-CONTRIB-2012-170 - MultiLink - Access Bypass
MultiLink allows you to generate in-content links to a suitable node or node translation based on the visitor's language preferences. It allows the Node Title of the target node to be shown as the visible text and title attribute for the generated link. Prior to versions 6.x-2.7 and 7.x-2.7 the...
Cisco Security Advisory: IOS Stack Group Bidding Protocol Crafted Packet DoS
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: IOS Stack Group Bidding Protocol Crafted Packet DoS Document ID: 68793 Advisory ID: cisco-sa-20060118-sgbp http://www.cisco.com/warp/public/707/cisco-sa-20060118-sgbp.shtml Revision 1.0 ============ For Public Release 2006...
CVE-1999-1203
CVE-1999-1203 affects Ascend systems using Multilink PPP for ISDN dialup prior to version 4.6. The vulnerability arises from a spoofed endpoint identifier, enabling remote attackers to cause a denial of service (availability impact). The provided documents do not specify a fix or mitigation. No e...
CVE-1999-1203
Multilink PPP for ISDN dialup users in Ascend before 4.6 allows remote attackers to cause a denial of service via a spoofed endpoint identifier...
ascend.multilink.ppp.txt
Date: Wed, 10 Feb 1999 15:08:50 -0800 From: David Schwartz To: [email protected] Subject: Security problems in ISDN equipment authentication A security flaw is probably still present in Ascend's multilink PPP implementation over ISDN. Due to its fundamental nature, it's probably in other ISDN...