Vulnerability Description
The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches has a hardcoded serial-console password for a privileged account, which might allow physically proximate attackers to obtain access by establishing a console session to a nonstandard installation on which this account is enabled, and leveraging knowledge of this password.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Garrettcom | Magnum 10K Firmware | <= 4.5.5 |
| Garrettcom | Magnum 6K Firmware | <= 4.5.5 |
References
- http://www.garrettcom.com/techsupport/MNS6K_R456_Release_Notes.pdf (Vendor Advisory)
- http://www.securityfocus.com/bid/75235
- https://ics-cert.us-cert.gov/advisories/ICSA-15-167-01 (Third Party Advisory, US Government Resource)
FAQ
What is CVE-2015-3959?
CVE-2015-3959 is a vulnerability with a CVSS score of 7.2 (HIGH). The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches has a hardcoded serial-console password for a privileged account, which might allow physically proximate attacke...
How severe is CVE-2015-3959?
CVE-2015-3959 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-3959?
Check the references section above for vendor advisories and patch information. Affected products include: Garrettcom Magnum 10K Firmware, Garrettcom Magnum 6K Firmware.