ID

VAR-201209-0221


CVE

CVE-2012-3014


TITLE

GarrettCom Magnum MNS-6K Software Hard Coded Password Security Bypass Vulnerability

Trust: 0.9

sources: BID: 55334 // CNNVD: CNNVD-201208-669

DESCRIPTION

The Management Software application in GarrettCom Magnum MNS-6K before 4.4.0, and 14.x before 14.4.0, has a hardcoded password for an administrative account, which allows local users to gain privileges via unspecified vectors. GarrettCom Magnum MNS-6K software can be used for integrated management of GarrettCom switches. Attackers can leverage this issue to gain unauthorized administrative access to the device running the affected software. The following versions are affected:
MNS-6K 4.1.14 and prior
MNS-6K-SECURE 4.1.14 and prior

TITLE: Magnum MNS-6K Hardcoded Password Security Issue
SECUNIA ADVISORY ID: SA50418
VERIFY ADVISORY: http://secunia.com/advisories/50418/
RELEASE DATE: 2012-08-31
DESCRIPTION: A security issue has been reported in Magnum MNS-6K, which can be exploited by malicious, local users to gain escalated privileges.
* Magnum MNS-6K version 14.1.14 SECURE and prior.
SOLUTION: Update to version 4.1.15 and 14.1.15.
PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Justin W. Clarke, Cylance Inc.
ORIGINAL ADVISORY:
GarrettCom: http://www.garrettcom.com/techsupport/6k_dl/6k14115a_rn.pdf
ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-12-243-01.pdf

Trust: 2.52

sources: NVD: CVE-2012-3014 // JVNDB: JVNDB-2012-004069 // CNVD: CNVD-2012-4579 // BID: 55334 // PACKETSTORM: 116134

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2012-4579

AFFECTED PRODUCTS

vendor: garrettcom, model: magnum managed networks software-6k secure, scope: eq, version: 14.3.0

Trust: 1.6

vendor: garrettcom, model: magnum managed networks software-6k secure, scope: eq, version: 14.2

Trust: 1.6

vendor: garrettcom, model: magnum managed networks software-6k secure, scope: eq, version: 14.2.1

Trust: 1.6

vendor: garrettcom, model: magnum managed networks software-6k, scope: eq, version: 4.2

Trust: 1.6

vendor: garrettcom, model: magnum managed networks software-6k secure, scope: eq, version: 14.3.1

Trust: 1.6

vendor: garrettcom, model: magnum managed networks software-6k, scope: eq, version: 4.2.1

Trust: 1.6

vendor: garrettcom, model: magnum managed networks software-6k, scope: eq, version: 4.3.0

Trust: 1.6

vendor: garrettcom, model: magnum managed networks software-6k, scope: lte, version: 4.3.1

Trust: 1.0

vendor: garrettcom, model: mns-6k secure, scope: eq, version: 14.4.0

Trust: 0.8

vendor: garrettcom, model: mns-6k secure, scope: lt, version: 14.x

Trust: 0.8

vendor: garrettcom, model: magnum mns-6k software, scope: -, version: -

Trust: 0.6

vendor: garrettcom, model: magnum managed networks software-6k, scope: eq, version: 4.3.1

Trust: 0.6

sources: CNVD: CNVD-2012-4579 // JVNDB: JVNDB-2012-004069 // CNNVD: CNNVD-201208-669 // NVD: CVE-2012-3014

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-3014
value: HIGH

Trust: 1.0

NVD: CVE-2012-3014
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201208-669
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2012-3014
severity: HIGH
baseScore: 7.7
vectorString: AV:A/AC:L/AU:S/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 5.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2012-004069 // CNNVD: CNNVD-201208-669 // NVD: CVE-2012-3014

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.8

sources: JVNDB: JVNDB-2012-004069 // NVD: CVE-2012-3014

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201208-669

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201208-669

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-004069

PATCH

title: Release Notes: Magnum MNS-6K Release 4.4.0 and 14.4.0, url: http://www.garrettcom.com/techsupport/6k_dl/6k440_rn.pdf

Trust: 0.8

title: Top Page, url: http://www.garrettcom.com/

Trust: 0.8

title: GarrettCom Magnum MNS-6K Software Hard Coded Password Security Bypass Vulnerability Patch, url: https://www.cnvd.org.cn/patchInfo/show/21131

Trust: 0.6

title: rel_v1441_secure, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=44477

Trust: 0.6

title: rel_v441, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=44476

Trust: 0.6

sources: CNVD: CNVD-2012-4579 // JVNDB: JVNDB-2012-004069 // CNNVD: CNNVD-201208-669

EXTERNAL IDS

db: NVD, id: CVE-2012-3014

Trust: 3.4

db: ICS CERT, id: ICSA-12-243-01

Trust: 3.1

db: BID, id: 55334

Trust: 0.9

db: JVNDB, id: JVNDB-2012-004069

Trust: 0.8

db: SECUNIA, id: 50418

Trust: 0.8

db: CNVD, id: CNVD-2012-4579

Trust: 0.6

db: NSFOCUS, id: 20519

Trust: 0.6

db: CNNVD, id: CNNVD-201208-669

Trust: 0.6

db: PACKETSTORM, id: 116278

Trust: 0.1

db: PACKETSTORM, id: 116134

Trust: 0.1

sources: CNVD: CNVD-2012-4579 // BID: 55334 // JVNDB: JVNDB-2012-004069 // PACKETSTORM: 116278 // PACKETSTORM: 116134 // CNNVD: CNNVD-201208-669 // NVD: CVE-2012-3014

REFERENCES

url:http://www.us-cert.gov/control_systems/pdf/icsa-12-243-01.pdf

Trust: 3.1

url:http://www.garrettcom.com/techsupport/6k_dl/6k440_rn.pdf

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3014

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3014

Trust: 0.8

url:http://secunia.com/advisories/50418

Trust: 0.6

url:http://www.securityfocus.com/bid/55334

Trust: 0.6

url:http://www.nsfocus.net/vulndb/20519

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2012-3014

Trust: 0.1

url:http://secunia.com/advisories/50418/#comments

Trust: 0.1

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=50418

Trust: 0.1

url:http://secunia.com/csi6beta

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://www.garrettcom.com/techsupport/6k_dl/6k14115a_rn.pdf

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/50418/

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: CNVD: CNVD-2012-4579 // JVNDB: JVNDB-2012-004069 // PACKETSTORM: 116278 // PACKETSTORM: 116134 // CNNVD: CNNVD-201208-669 // NVD: CVE-2012-3014

CREDITS

Justin W. Clarke of Cylance Inc.

Trust: 0.9

sources: BID: 55334 // CNNVD: CNNVD-201208-669

SOURCES

db: CNVD, id: CNVD-2012-4579
db: BID, id: 55334
db: JVNDB, id: JVNDB-2012-004069
db: PACKETSTORM, id: 116278
db: PACKETSTORM, id: 116134
db: CNNVD, id: CNNVD-201208-669
db: NVD, id: CVE-2012-3014

LAST UPDATE DATE

2025-04-11T23:05:44.692000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2012-4579, date: 2012-09-04T00:00:00
db: BID, id: 55334, date: 2012-08-30T00:00:00
db: JVNDB, id: JVNDB-2012-004069, date: 2012-09-05T00:00:00
db: CNNVD, id: CNNVD-201208-669, date: 2012-09-03T00:00:00
db: NVD, id: CVE-2012-3014, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2012-4579, date: 2012-09-04T00:00:00
db: BID, id: 55334, date: 2012-08-30T00:00:00
db: JVNDB, id: JVNDB-2012-004069, date: 2012-09-05T00:00:00
db: PACKETSTORM, id: 116278, date: 2012-09-06T02:13:08
db: PACKETSTORM, id: 116134, date: 2012-09-01T06:24:05
db: CNNVD, id: CNNVD-201208-669, date: 2012-08-30T00:00:00
db: NVD, id: CVE-2012-3014, date: 2012-09-04T11:04:49.327