Lucene search

IcscertCVE-2015-3959

HistoryAug 04, 2015 - 1:59 a.m.

CVE-2015-3959

2015-08-0401:59:04

icscert

web.nvd.nist.gov

cve-2015-3959

firmware

mns

belden garrettcom magnum

switches

hardcoded password

privileged account

console session

security vulnerability

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.9

Confidence

Low

EPSS

0.001

Percentile

21.1%

JSON

The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches has a hardcoded serial-console password for a privileged account, which might allow physically proximate attackers to obtain access by establishing a console session to a nonstandard installation on which this account is enabled, and leveraging knowledge of this password.

Affected configurations

Nvd

Node

garrettcommagnum_10k_firmwareRange≤4.5.5

garrettcommagnum_6k_firmwareRange≤4.5.5

VendorProductVersionCPE
garrettcommagnum_10k_firmware*cpe:2.3:o:garrettcom:magnum_10k_firmware:*:*:*:*:*:*:*:*
garrettcommagnum_6k_firmware*cpe:2.3:o:garrettcom:magnum_6k_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
garrettcom	magnum_10k_firmware	*	cpe:2.3:o:garrettcom:magnum_10k_firmware::::::::
garrettcom	magnum_6k_firmware	*	cpe:2.3:o:garrettcom:magnum_6k_firmware::::::::

References

www.garrettcom.com/techsupport/MNS6K_R456_Release_Notes.pdf

www.securityfocus.com/bid/75235

ics-cert.us-cert.gov/advisories/ICSA-15-167-01

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.9

Confidence

Low

EPSS

0.001

Percentile

21.1%

JSON

Related for CVE-2015-3959