CVE-2015-3959

Опубликовано: 04 авг. 2015

Источник: nvd

CVSS2: 7.2

EPSS Низкий

Описание

The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches has a hardcoded serial-console password for a privileged account, which might allow physically proximate attackers to obtain access by establishing a console session to a nonstandard installation on which this account is enabled, and leveraging knowledge of this password.

Комментарий

CWE-798: Use of Hard-coded Credentials

Ссылки

http://www.garrettcom.com/techsupport/MNS6K_R456_Release_Notes.pdf
Vendor Advisory
http://www.securityfocus.com/bid/75235
https://ics-cert.us-cert.gov/advisories/ICSA-15-167-01
Third Party Advisory
US Government Resource
http://www.garrettcom.com/techsupport/MNS6K_R456_Release_Notes.pdf
Vendor Advisory
http://www.securityfocus.com/bid/75235
https://ics-cert.us-cert.gov/advisories/ICSA-15-167-01
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:garrettcom:magnum_10k_firmware:*:*:*:*:*:*:*:*

Версия до 4.5.5 (включая)

cpe:2.3:o:garrettcom:magnum_6k_firmware:*:*:*:*:*:*:*:*

Версия до 4.5.5 (включая)

EPSS

Процентиль: 22%

0.00072

Низкий

7.2 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-pmvq-rf92-rfx7

github

больше 3 лет назад