ID

VAR-201508-0389


CVE

CVE-2015-3960


TITLE

Vulnerability in the MNS firmware running on Belden GarrettCom Magnum 6K and Magnum 10K switches that breaks the encryption protection mechanism of HTTPS sessions

Trust: 0.8

sources: JVNDB: JVNDB-2015-003989

DESCRIPTION

The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches uses hardcoded RSA private keys and certificates across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms for HTTPS sessions by leveraging knowledge of a private key from another installation. GarrettCom Magnum 6K and 10K Switches are managed switches from GarrettCom, USA. An information disclosure vulnerability exists in GarrettCom Magnum 6K and 10K Switches that allows remote attackers to gain unauthorized access to devices by means of sensitive information. An attacker can exploit this issue to gain unauthorized access to the affected device.

Trust: 2.61

sources: NVD: CVE-2015-3960 // JVNDB: JVNDB-2015-003989 // CNVD: CNVD-2015-04075 // BID: 75236 // VULHUB: VHN-81921 // VULMON: CVE-2015-3960

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-04075

AFFECTED PRODUCTS

vendor: garrettcom, model: magnum 10k, scope: lte, version: 4.5.5

Trust: 1.0

vendor: garrettcom, model: magnum 6k, scope: lte, version: 4.5.5

Trust: 1.0

vendor: garrettcom, model: magnum 10k, scope: lt, version: 4.5.6

Trust: 0.8

vendor: garrettcom, model: magnum 6k, scope: lt, version: 4.5.6

Trust: 0.8

vendor: garrettcom, model: magnum 6k, scope: -, version: -

Trust: 0.6

vendor: garrettcom, model: magnum 10k, scope: -, version: -

Trust: 0.6

vendor: garrettcom, model: magnum 6k, scope: eq, version: 4.5.5

Trust: 0.6

vendor: garrettcom, model: magnum 10k, scope: eq, version: 4.5.5

Trust: 0.6

vendor: garrettcom, model: magnum 6kq, scope: eq, version: 4.5.5

Trust: 0.3

vendor: garrettcom, model: magnum 6km, scope: eq, version: 4.5.5

Trust: 0.3

vendor: garrettcom, model: magnum 6kl, scope: eq, version: 4.5.5

Trust: 0.3

vendor: garrettcom, model: magnum 6k8, scope: eq, version: 4.5.5

Trust: 0.3

vendor: garrettcom, model: magnum 6k32, scope: eq, version: 4.5.5

Trust: 0.3

vendor: garrettcom, model: magnum 6k25, scope: eq, version: 4.5.5

Trust: 0.3

vendor: garrettcom, model: magnum 6k16, scope: eq, version: 4.5.5

Trust: 0.3

vendor: garrettcom, model: magnum 10kt, scope: eq, version: 4.5.5

Trust: 0.3

vendor: garrettcom, model: magnum 10kg, scope: eq, version: 4.5.5

Trust: 0.3

vendor: garrettcom, model: magnum 6kq, scope: ne, version: 4.5.6

Trust: 0.3

vendor: garrettcom, model: magnum 6km, scope: ne, version: 4.5.6

Trust: 0.3

vendor: garrettcom, model: magnum 6kl, scope: ne, version: 4.5.6

Trust: 0.3

vendor: garrettcom, model: magnum 6k8, scope: ne, version: 4.5.6

Trust: 0.3

vendor: garrettcom, model: magnum 6k32, scope: ne, version: 4.5.6

Trust: 0.3

vendor: garrettcom, model: magnum 6k25, scope: ne, version: 4.5.6

Trust: 0.3

vendor: garrettcom, model: magnum 6k16, scope: ne, version: 4.5.6

Trust: 0.3

vendor: garrettcom, model: magnum 10kt, scope: ne, version: 4.5.6

Trust: 0.3

vendor: garrettcom, model: magnum 10kg, scope: ne, version: 4.5.6

Trust: 0.3

sources: CNVD: CNVD-2015-04075 // BID: 75236 // JVNDB: JVNDB-2015-003989 // CNNVD: CNNVD-201506-459 // NVD: CVE-2015-3960

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-3960
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-3960
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-04075
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201506-459
value: MEDIUM

Trust: 0.6

VULHUB: VHN-81921
value: MEDIUM

Trust: 0.1

VULMON: CVE-2015-3960
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-3960
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2015-04075
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-81921
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-04075 // VULHUB: VHN-81921 // VULMON: CVE-2015-3960 // JVNDB: JVNDB-2015-003989 // CNNVD: CNNVD-201506-459 // NVD: CVE-2015-3960

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.9

sources: VULHUB: VHN-81921 // JVNDB: JVNDB-2015-003989 // NVD: CVE-2015-3960

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-459

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201506-459

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-003989

PATCH

title: MNS6K R456 Release Notes, url: http://www.garrettcom.com/techsupport/MNS6K_R456_Release_Notes.pdf

Trust: 0.8

title: GarrettCom Magnum 6K and 10K Switches Information Disclosure Vulnerability Patch, url: https://www.cnvd.org.cn/patchInfo/show/60105

Trust: 0.6

sources: CNVD: CNVD-2015-04075 // JVNDB: JVNDB-2015-003989

EXTERNAL IDS

db: NVD, id: CVE-2015-3960

Trust: 3.5

db: ICS CERT, id: ICSA-15-167-01

Trust: 2.9

db: BID, id: 75236

Trust: 2.7

db: JVNDB, id: JVNDB-2015-003989

Trust: 0.8

db: CNNVD, id: CNNVD-201506-459

Trust: 0.7

db: CNVD, id: CNVD-2015-04075

Trust: 0.6

db: VULHUB, id: VHN-81921

Trust: 0.1

db: VULMON, id: CVE-2015-3960

Trust: 0.1

sources: CNVD: CNVD-2015-04075 // VULHUB: VHN-81921 // VULMON: CVE-2015-3960 // BID: 75236 // JVNDB: JVNDB-2015-003989 // CNNVD: CNNVD-201506-459 // NVD: CVE-2015-3960

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-15-167-01

Trust: 3.0

url:http://www.securityfocus.com/bid/75236

Trust: 2.4

url:http://www.garrettcom.com/techsupport/mns6k_r456_release_notes.pdf

Trust: 2.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3960

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3960

Trust: 0.8

url:http://www.garrettcom.com/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/310.html

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=39397

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2015-04075 // VULHUB: VHN-81921 // VULMON: CVE-2015-3960 // BID: 75236 // JVNDB: JVNDB-2015-003989 // CNNVD: CNNVD-201506-459 // NVD: CVE-2015-3960

CREDITS

Ashish Kamble of Qualys Security and Eireann Leverett

Trust: 0.9

sources: BID: 75236 // CNNVD: CNNVD-201506-459

SOURCES

db: CNVD, id: CNVD-2015-04075
db: VULHUB, id: VHN-81921
db: VULMON, id: CVE-2015-3960
db: BID, id: 75236
db: JVNDB, id: JVNDB-2015-003989
db: CNNVD, id: CNNVD-201506-459
db: NVD, id: CVE-2015-3960

LAST UPDATE DATE

2025-04-13T23:03:58.939000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2015-04075, date: 2015-06-29T00:00:00
db: VULHUB, id: VHN-81921, date: 2016-12-06T00:00:00
db: VULMON, id: CVE-2015-3960, date: 2016-12-06T00:00:00
db: BID, id: 75236, date: 2015-06-16T00:00:00
db: JVNDB, id: JVNDB-2015-003989, date: 2015-08-05T00:00:00
db: CNNVD, id: CNNVD-201506-459, date: 2015-08-04T00:00:00
db: NVD, id: CVE-2015-3960, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2015-04075, date: 2015-06-29T00:00:00
db: VULHUB, id: VHN-81921, date: 2015-08-04T00:00:00
db: VULMON, id: CVE-2015-3960, date: 2015-08-04T00:00:00
db: BID, id: 75236, date: 2015-06-16T00:00:00
db: JVNDB, id: JVNDB-2015-003989, date: 2015-08-05T00:00:00
db: CNNVD, id: CNNVD-201506-459, date: 2015-06-24T00:00:00
db: NVD, id: CVE-2015-3960, date: 2015-08-04T01:59:05.513