ID

VAR-201508-0387


CVE

CVE-2015-3942


TITLE

Cross-site scripting vulnerability in the web server component of MNS running on Belden GarrettCom Magnum 6K and Magnum 10K switches

Trust: 0.8

sources: JVNDB: JVNDB-2015-003987

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in the web-server component in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. GarrettCom Magnum 6K and 10K Switches are managed switches from GarrettCom, USA. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. The following products are vulnerable: Magnum 6K versions prior to 4.5.6 and Magnum 10K versions prior to 4.5.6. web-server is one of the web server components.

Trust: 2.52

sources: NVD: CVE-2015-3942 // JVNDB: JVNDB-2015-003987 // CNVD: CNVD-2015-04092 // BID: 75227 // VULHUB: VHN-81903

IOT TAXONOMY

category: ['Network device'] | sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-04092

AFFECTED PRODUCTS

vendor: garrettcom | model: magnum 10k | scope: lte | version: 4.5.5

Trust: 1.0

vendor: garrettcom | model: magnum 6k | scope: lte | version: 4.5.5

Trust: 1.0

vendor: garrettcom | model: magnum 10k | scope: lt | version: 4.5.6

Trust: 0.8

vendor: garrettcom | model: magnum 6k | scope: lt | version: 4.5.6

Trust: 0.8

vendor: garrettcom | model: magnum 6k | scope: eq | version: 4.5.6

Trust: 0.6

vendor: garrettcom | model: magnum 10k | scope: eq | version: 4.5.6

Trust: 0.6

vendor: garrettcom | model: magnum 6k | scope: eq | version: 4.5.5

Trust: 0.6

vendor: garrettcom | model: magnum 10k | scope: eq | version: 4.5.5

Trust: 0.6

vendor: garrettcom | model: magnum 6k switches | scope: eq | version: 0

Trust: 0.3

vendor: garrettcom | model: magnum 10k switches | scope: eq | version: 0

Trust: 0.3

vendor: garrettcom | model: magnum 6k switches | scope: ne | version: 4.5.6

Trust: 0.3

vendor: garrettcom | model: magnum 10k switches | scope: ne | version: 4.5.6

Trust: 0.3

sources: CNVD: CNVD-2015-04092 // BID: 75227 // JVNDB: JVNDB-2015-003987 // CNNVD: CNNVD-201506-463 // NVD: CVE-2015-3942

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-3942
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-3942
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-04092
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201506-463
value: MEDIUM

Trust: 0.6

VULHUB: VHN-81903
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-3942
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-04092
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-81903
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-04092 // VULHUB: VHN-81903 // JVNDB: JVNDB-2015-003987 // CNNVD: CNNVD-201506-463 // NVD: CVE-2015-3942

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-81903 // JVNDB: JVNDB-2015-003987 // NVD: CVE-2015-3942

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-463

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201506-463

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-003987

PATCH

title: MNS6K R456 Release Notes | url: http://www.garrettcom.com/techsupport/MNS6K_R456_Release_Notes.pdf

Trust: 0.8

title: Patch for GarrettCom Magnum 6K and 10K Switches Cross-Site Scripting Vulnerability | url: https://www.cnvd.org.cn/patchInfo/show/60141

Trust: 0.6

sources: CNVD: CNVD-2015-04092 // JVNDB: JVNDB-2015-003987

EXTERNAL IDS

db: NVD | id: CVE-2015-3942

Trust: 3.4

db: ICS CERT | id: ICSA-15-167-01

Trust: 2.8

db: BID | id: 75227

Trust: 2.6

db: JVNDB | id: JVNDB-2015-003987

Trust: 0.8

db: CNNVD | id: CNNVD-201506-463

Trust: 0.7

db: CNVD | id: CNVD-2015-04092

Trust: 0.6

db: VULHUB | id: VHN-81903

Trust: 0.1

sources: CNVD: CNVD-2015-04092 // VULHUB: VHN-81903 // BID: 75227 // JVNDB: JVNDB-2015-003987 // CNNVD: CNNVD-201506-463 // NVD: CVE-2015-3942

REFERENCES

url: https://ics-cert.us-cert.gov/advisories/icsa-15-167-01

Trust: 2.8

url: http://www.securityfocus.com/bid/75227

Trust: 2.3

url: http://www.garrettcom.com/techsupport/mns6k_r456_release_notes.pdf

Trust: 1.7

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3942

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3942

Trust: 0.8

url: http://www.garrettcom.com/

Trust: 0.3

sources: CNVD: CNVD-2015-04092 // VULHUB: VHN-81903 // BID: 75227 // JVNDB: JVNDB-2015-003987 // CNNVD: CNNVD-201506-463 // NVD: CVE-2015-3942

CREDITS

Ashish Kamble of Qualys Security and Eireann Leverett

Trust: 0.9

sources: BID: 75227 // CNNVD: CNNVD-201506-463

SOURCES

db: CNVD | id: CNVD-2015-04092
db: VULHUB | id: VHN-81903
db: BID | id: 75227
db: JVNDB | id: JVNDB-2015-003987
db: CNNVD | id: CNNVD-201506-463
db: NVD | id: CVE-2015-3942

LAST UPDATE DATE

2025-04-13T23:03:58.868000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2015-04092 | date: 2015-06-30T00:00:00
db: VULHUB | id: VHN-81903 | date: 2016-12-06T00:00:00
db: BID | id: 75227 | date: 2015-06-16T00:00:00
db: JVNDB | id: JVNDB-2015-003987 | date: 2015-08-05T00:00:00
db: CNNVD | id: CNNVD-201506-463 | date: 2015-08-04T00:00:00
db: NVD | id: CVE-2015-3942 | date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: CNVD | id: CNVD-2015-04092 | date: 2015-06-30T00:00:00
db: VULHUB | id: VHN-81903 | date: 2015-08-04T00:00:00
db: BID | id: 75227 | date: 2015-06-16T00:00:00
db: JVNDB | id: JVNDB-2015-003987 | date: 2015-08-05T00:00:00
db: CNNVD | id: CNNVD-201506-463 | date: 2015-06-24T00:00:00
db: NVD | id: CVE-2015-3942 | date: 2015-08-04T01:59:03.297