CVE-2015-3960

Опубликовано: 04 авг. 2015

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches uses hardcoded RSA private keys and certificates across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms for HTTPS sessions by leveraging knowledge of a private key from another installation.

Ссылки

http://www.garrettcom.com/techsupport/MNS6K_R456_Release_Notes.pdf
Vendor Advisory
http://www.securityfocus.com/bid/75236
https://ics-cert.us-cert.gov/advisories/ICSA-15-167-01
Third Party Advisory
US Government Resource
http://www.garrettcom.com/techsupport/MNS6K_R456_Release_Notes.pdf
Vendor Advisory
http://www.securityfocus.com/bid/75236
https://ics-cert.us-cert.gov/advisories/ICSA-15-167-01
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:garrettcom:magnum_10k_firmware:*:*:*:*:*:*:*:*

Версия до 4.5.5 (включая)

cpe:2.3:o:garrettcom:magnum_6k_firmware:*:*:*:*:*:*:*:*

Версия до 4.5.5 (включая)

EPSS

Процентиль: 63%

0.0044

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-310

Связанные уязвимости

GHSA-4c9f-wvvv-9w26

github

больше 3 лет назад