VAR-201508-0390
Vulnerability from variot - Updated: 2023-12-18 12:51The web-server component in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches allows remote authenticated users to cause a denial of service (memory corruption and reboot) via a crafted URL. GarrettCom Magnum 6K and 10K Switches are managed switches from GarrettCom, USA. Successful exploitation of the issue will cause the device to reload, denying service to legitimate users
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0390",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "magnum 6k",
"scope": "lte",
"trust": 1.0,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 10k",
"scope": "lte",
"trust": 1.0,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 10k",
"scope": "lt",
"trust": 0.8,
"vendor": "garrettcom",
"version": "4.5.6"
},
{
"model": "magnum 6k",
"scope": "lt",
"trust": 0.8,
"vendor": "garrettcom",
"version": "4.5.6"
},
{
"model": "magnum 6k",
"scope": "eq",
"trust": 0.6,
"vendor": "garrettcom",
"version": "4.5.6"
},
{
"model": "magnum 10k",
"scope": "eq",
"trust": 0.6,
"vendor": "garrettcom",
"version": "4.5.6"
},
{
"model": "magnum 6k",
"scope": "eq",
"trust": 0.6,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 10k",
"scope": "eq",
"trust": 0.6,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 6kq",
"scope": "eq",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 6km",
"scope": "eq",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 6kl",
"scope": "eq",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 6k8",
"scope": "eq",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 6k32",
"scope": "eq",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 6k25",
"scope": "eq",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 6k16",
"scope": "eq",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 10kt",
"scope": "eq",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 10kg",
"scope": "eq",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.5"
},
{
"model": "magnum 6kq",
"scope": "ne",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.6"
},
{
"model": "magnum 6km",
"scope": "ne",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.6"
},
{
"model": "magnum 6kl",
"scope": "ne",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.6"
},
{
"model": "magnum 6k8",
"scope": "ne",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.6"
},
{
"model": "magnum 6k32",
"scope": "ne",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.6"
},
{
"model": "magnum 6k25",
"scope": "ne",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.6"
},
{
"model": "magnum 6k16",
"scope": "ne",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.6"
},
{
"model": "magnum 10kt",
"scope": "ne",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.6"
},
{
"model": "magnum 10kg",
"scope": "ne",
"trust": 0.3,
"vendor": "garrettcom",
"version": "4.5.6"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04091"
},
{
"db": "BID",
"id": "75228"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003990"
},
{
"db": "NVD",
"id": "CVE-2015-3961"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-462"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:garrettcom:magnum_6k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.5.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:garrettcom:magnum_10k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.5.5",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3961"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Eireann Leverett",
"sources": [
{
"db": "BID",
"id": "75228"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-462"
}
],
"trust": 0.9
},
"cve": "CVE-2015-3961",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2015-3961",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-04091",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-81922",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-3961",
"trust": 1.8,
"value": "LOW"
},
{
"author": "CNVD",
"id": "CNVD-2015-04091",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201506-462",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-81922",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04091"
},
{
"db": "VULHUB",
"id": "VHN-81922"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003990"
},
{
"db": "NVD",
"id": "CVE-2015-3961"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-462"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web-server component in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches allows remote authenticated users to cause a denial of service (memory corruption and reboot) via a crafted URL. GarrettCom Magnum 6K and 10K Switches are managed switches from GarrettCom, USA. \nSuccessful exploitation of the issue will cause the device to reload, denying service to legitimate users",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3961"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003990"
},
{
"db": "CNVD",
"id": "CNVD-2015-04091"
},
{
"db": "BID",
"id": "75228"
},
{
"db": "VULHUB",
"id": "VHN-81922"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-3961",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-15-167-01",
"trust": 2.8
},
{
"db": "BID",
"id": "75228",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003990",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201506-462",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-04091",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-81922",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04091"
},
{
"db": "VULHUB",
"id": "VHN-81922"
},
{
"db": "BID",
"id": "75228"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003990"
},
{
"db": "NVD",
"id": "CVE-2015-3961"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-462"
}
]
},
"id": "VAR-201508-0390",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04091"
},
{
"db": "VULHUB",
"id": "VHN-81922"
}
],
"trust": 1.325
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04091"
}
]
},
"last_update_date": "2023-12-18T12:51:40.880000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MNS6K R456 Release Notes",
"trust": 0.8,
"url": "http://www.garrettcom.com/techsupport/mns6k_r456_release_notes.pdf"
},
{
"title": "Patch for GarrettCom Magnum 6K and 10K Switches Remote Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/60142"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04091"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003990"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81922"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003990"
},
{
"db": "NVD",
"id": "CVE-2015-3961"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-167-01"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/75228"
},
{
"trust": 2.0,
"url": "http://www.garrettcom.com/techsupport/mns6k_r456_release_notes.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3961"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3961"
},
{
"trust": 0.3,
"url": "http://www.garrettcom.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04091"
},
{
"db": "VULHUB",
"id": "VHN-81922"
},
{
"db": "BID",
"id": "75228"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003990"
},
{
"db": "NVD",
"id": "CVE-2015-3961"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-462"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-04091"
},
{
"db": "VULHUB",
"id": "VHN-81922"
},
{
"db": "BID",
"id": "75228"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003990"
},
{
"db": "NVD",
"id": "CVE-2015-3961"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-462"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-06-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04091"
},
{
"date": "2015-08-04T00:00:00",
"db": "VULHUB",
"id": "VHN-81922"
},
{
"date": "2015-06-16T00:00:00",
"db": "BID",
"id": "75228"
},
{
"date": "2015-08-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003990"
},
{
"date": "2015-08-04T01:59:06.450000",
"db": "NVD",
"id": "CVE-2015-3961"
},
{
"date": "2015-06-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-462"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04091"
},
{
"date": "2016-12-06T00:00:00",
"db": "VULHUB",
"id": "VHN-81922"
},
{
"date": "2015-06-16T00:00:00",
"db": "BID",
"id": "75228"
},
{
"date": "2015-08-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003990"
},
{
"date": "2016-12-06T03:01:37.103000",
"db": "NVD",
"id": "CVE-2015-3961"
},
{
"date": "2015-08-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-462"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201506-462"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Belden GarrettCom Magnum 6K and Magnum 10K Runs on the switch MNS of Web Service disruption in server components (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003990"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201506-462"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…