VAR-201508-0387
Vulnerability from variot - Updated: 2023-12-18 12:51
Multiple cross-site scripting (XSS) vulnerabilities in the web-server component in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. GarrettCom Magnum 6K and 10K Switches are managed switches from GarrettCom, USA. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. The following products are vulnerable: Magnum 6K versions prior to 4.5.6 and Magnum 10K versions prior to 4.5.6. web-server is one of the web server components. The record below tracks this issue as CVE-2015-3942 (CWE-79) and lists the MNS6K R456 release notes as the vendor patch reference.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0387",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "magnum 6k",
"scope": "lte",
"trust": 1.0,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 10k",
"scope": "lte",
"trust": 1.0,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 10k",
"scope": "lt",
"trust": 0.8,
"vendor": "garrettcom",
"version": "4.5.6"
},
{
"model": "magnum 6k",
"scope": "lt",
"trust": 0.8,
"vendor": "garrettcom",
"version": "4.5.6"
},
{
"model": "magnum 6k",
"scope": "eq",
"trust": 0.6,
"vendor": "garrettcom",
"version": "4.5.6"
},
{
"model": "magnum 10k",
"scope": "eq",
"trust": 0.6,
"vendor": "garrettcom",
"version": "4.5.6"
},
{
"model": "magnum 6k",
"scope": "eq",
"trust": 0.6,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 10k",
"scope": "eq",
"trust": 0.6,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 6k switches",
"scope": "eq",
"trust": 0.3,
"vendor": "garrettcom",
"version": "0"
},
{
"model": "magnum 10k switches",
"scope": "eq",
"trust": 0.3,
"vendor": "garrettcom",
"version": "0"
},
{
"model": "magnum 6k switches",
"scope": "ne",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.6"
},
{
"model": "magnum 10k switches",
"scope": "ne",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.6"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04092"
},
{
"db": "BID",
"id": "75227"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003987"
},
{
"db": "NVD",
"id": "CVE-2015-3942"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-463"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:garrettcom:magnum_10k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.5.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:garrettcom:magnum_6k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.5.5",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3942"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ashish Kamble of Qualys Security and Eireann Leverett",
"sources": [
{
"db": "BID",
"id": "75227"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-463"
}
],
"trust": 0.9
},
"cve": "CVE-2015-3942",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2015-3942",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2015-04092",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-81903",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-3942",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2015-04092",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201506-463",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-81903",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04092"
},
{
"db": "VULHUB",
"id": "VHN-81903"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003987"
},
{
"db": "NVD",
"id": "CVE-2015-3942"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-463"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site scripting (XSS) vulnerabilities in the web-server component in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. GarrettCom Magnum 6K and 10K Switches are managed switches from GarrettCom, USA. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. \nThe following products are vulnerable:\nVersions prior to Magnum 6K 4.5.6\nVersions prior to Magnum 10K 4.5.6. web-server is one of the web server components",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3942"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003987"
},
{
"db": "CNVD",
"id": "CNVD-2015-04092"
},
{
"db": "BID",
"id": "75227"
},
{
"db": "VULHUB",
"id": "VHN-81903"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-3942",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-15-167-01",
"trust": 2.8
},
{
"db": "BID",
"id": "75227",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003987",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201506-463",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-04092",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-81903",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04092"
},
{
"db": "VULHUB",
"id": "VHN-81903"
},
{
"db": "BID",
"id": "75227"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003987"
},
{
"db": "NVD",
"id": "CVE-2015-3942"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-463"
}
]
},
"id": "VAR-201508-0387",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04092"
},
{
"db": "VULHUB",
"id": "VHN-81903"
}
],
"trust": 1.325
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04092"
}
]
},
"last_update_date": "2023-12-18T12:51:40.844000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MNS6K R456 Release Notes",
"trust": 0.8,
"url": "http://www.garrettcom.com/techsupport/mns6k_r456_release_notes.pdf"
},
{
"title": "Patch for GarrettCom Magnum 6K and 10K Switches Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/60141"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04092"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003987"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81903"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003987"
},
{
"db": "NVD",
"id": "CVE-2015-3942"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-167-01"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/75227"
},
{
"trust": 1.7,
"url": "http://www.garrettcom.com/techsupport/mns6k_r456_release_notes.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3942"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3942"
},
{
"trust": 0.3,
"url": "http://www.garrettcom.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04092"
},
{
"db": "VULHUB",
"id": "VHN-81903"
},
{
"db": "BID",
"id": "75227"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003987"
},
{
"db": "NVD",
"id": "CVE-2015-3942"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-463"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-04092"
},
{
"db": "VULHUB",
"id": "VHN-81903"
},
{
"db": "BID",
"id": "75227"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003987"
},
{
"db": "NVD",
"id": "CVE-2015-3942"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-463"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04092"
},
{
"date": "2015-08-04T00:00:00",
"db": "VULHUB",
"id": "VHN-81903"
},
{
"date": "2015-06-16T00:00:00",
"db": "BID",
"id": "75227"
},
{
"date": "2015-08-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003987"
},
{
"date": "2015-08-04T01:59:03.297000",
"db": "NVD",
"id": "CVE-2015-3942"
},
{
"date": "2015-06-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-463"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04092"
},
{
"date": "2016-12-06T00:00:00",
"db": "VULHUB",
"id": "VHN-81903"
},
{
"date": "2015-06-16T00:00:00",
"db": "BID",
"id": "75227"
},
{
"date": "2015-08-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003987"
},
{
"date": "2016-12-06T03:01:28.210000",
"db": "NVD",
"id": "CVE-2015-3942"
},
{
"date": "2015-08-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-463"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201506-463"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting vulnerability in the web server component of MNS running on Belden GarrettCom Magnum 6K and Magnum 10K switches",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003987"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201506-463"
}
],
"trust": 0.6
}
}