MidnightBSD

Advisories for garrettcom

CVE-2015-3942 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in the web-server component in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
garrettcom magnum_10k_firmware *
garrettcom magnum_6k_firmware *
CVE-2015-3959 HIGH

The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches has a hardcoded serial-console password for a privileged account, which might allow physically proximate attackers to obtain access by establishing a console session to a nonstandard installation on which this account is enabled, and leveraging knowledge of this password.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
garrettcom magnum_10k_firmware *
garrettcom magnum_6k_firmware *
CVE-2015-3960 MEDIUM

The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches uses hardcoded RSA private keys and certificates across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms for HTTPS sessions by leveraging knowledge of a private key from another installation.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
garrettcom magnum_10k_firmware *
garrettcom magnum_6k_firmware *
CVE-2015-3961 LOW

The web-server component in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches allows remote authenticated users to cause a denial of service (memory corruption and reboot) via a crafted URL.

CVSS 2.0

Severity: LOW

Problem Type: CWE-399,

Products Affected

Vendor Product Version
garrettcom magnum_10k_firmware *
garrettcom magnum_6k_firmware *