Sign-up

ID

VAR-201508-0390


CVE

CVE-2015-3961


TITLE

Belden GarrettCom Magnum 6K and Magnum 10K Runs on the switch MNS of Web Service disruption in server components (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-003990

DESCRIPTION

The web-server component in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches allows remote authenticated users to cause a denial of service (memory corruption and reboot) via a crafted URL. GarrettCom Magnum 6K and 10K Switches are managed switches from GarrettCom, USA. Successful exploitation of the issue will cause the device to reload, denying service to legitimate users

Trust: 2.52

sources: NVD: CVE-2015-3961 // JVNDB: JVNDB-2015-003990 // CNVD: CNVD-2015-04091 // BID: 75228 // VULHUB: VHN-81922

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-04091

AFFECTED PRODUCTS

vendor:garrettcommodel:magnum 10kscope:lteversion:4.5.5

Trust: 1.0

vendor:garrettcommodel:magnum 6kscope:lteversion:4.5.5

Trust: 1.0

vendor:garrettcommodel:magnum 10kscope:ltversion:4.5.6

Trust: 0.8

vendor:garrettcommodel:magnum 6kscope:ltversion:4.5.6

Trust: 0.8

vendor:garrettcommodel:magnum 6kscope:eqversion:4.5.6

Trust: 0.6

vendor:garrettcommodel:magnum 10kscope:eqversion:4.5.6

Trust: 0.6

vendor:garrettcommodel:magnum 6kscope:eqversion:4.5.5

Trust: 0.6

vendor:garrettcommodel:magnum 10kscope:eqversion:4.5.5

Trust: 0.6

vendor:garrettcommodel:magnum 6kqscope:eqversion:4.5.5

Trust: 0.3

vendor:garrettcommodel:magnum 6kmscope:eqversion:4.5.5

Trust: 0.3

vendor:garrettcommodel:magnum 6klscope:eqversion:4.5.5

Trust: 0.3

vendor:garrettcommodel:magnum 6k8scope:eqversion:4.5.5

Trust: 0.3

vendor:garrettcommodel:magnum 6k32scope:eqversion:4.5.5

Trust: 0.3

vendor:garrettcommodel:magnum 6k25scope:eqversion:4.5.5

Trust: 0.3

vendor:garrettcommodel:magnum 6k16scope:eqversion:4.5.5

Trust: 0.3

vendor:garrettcommodel:magnum 10ktscope:eqversion:4.5.5

Trust: 0.3

vendor:garrettcommodel:magnum 10kgscope:eqversion:4.5.5

Trust: 0.3

vendor:garrettcommodel:magnum 6kqscope:neversion:4.5.6

Trust: 0.3

vendor:garrettcommodel:magnum 6kmscope:neversion:4.5.6

Trust: 0.3

vendor:garrettcommodel:magnum 6klscope:neversion:4.5.6

Trust: 0.3

vendor:garrettcommodel:magnum 6k8scope:neversion:4.5.6

Trust: 0.3

vendor:garrettcommodel:magnum 6k32scope:neversion:4.5.6

Trust: 0.3

vendor:garrettcommodel:magnum 6k25scope:neversion:4.5.6

Trust: 0.3

vendor:garrettcommodel:magnum 6k16scope:neversion:4.5.6

Trust: 0.3

vendor:garrettcommodel:magnum 10ktscope:neversion:4.5.6

Trust: 0.3

vendor:garrettcommodel:magnum 10kgscope:neversion:4.5.6

Trust: 0.3

sources: CNVD: CNVD-2015-04091 // BID: 75228 // JVNDB: JVNDB-2015-003990 // CNNVD: CNNVD-201506-462 // NVD: CVE-2015-3961

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-3961
value: LOW

Trust: 1.0

NVD: CVE-2015-3961
value: LOW

Trust: 0.8

CNVD: CNVD-2015-04091
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201506-462
value: LOW

Trust: 0.6

VULHUB: VHN-81922
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2015-3961
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-04091
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-81922
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-04091 // VULHUB: VHN-81922 // JVNDB: JVNDB-2015-003990 // CNNVD: CNNVD-201506-462 // NVD: CVE-2015-3961

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-81922 // JVNDB: JVNDB-2015-003990 // NVD: CVE-2015-3961

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-462

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201506-462

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-003990

PATCH
title:MNS6K R456 Release Notesurl:http://www.garrettcom.com/techsupport/MNS6K_R456_Release_Notes.pdf
Trust: 0.8
title:Patch for GarrettCom Magnum 6K and 10K Switches Remote Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/60142
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2015-04091 // 
            
            
            
            JVNDB: JVNDB-2015-003990

EXTERNAL IDS
db:NVDid:CVE-2015-3961
Trust: 3.4
db:ICS CERTid:ICSA-15-167-01
Trust: 2.8
db:BIDid:75228
Trust: 2.6
db:JVNDBid:JVNDB-2015-003990
Trust: 0.8
db:CNNVDid:CNNVD-201506-462
Trust: 0.7
db:CNVDid:CNVD-2015-04091
Trust: 0.6
db:VULHUBid:VHN-81922
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-04091 // 
            
            
            
            VULHUB: VHN-81922 // 
            
            
            
            BID: 75228 // 
            
            
            
            JVNDB: JVNDB-2015-003990 // 
            
            
            
            CNNVD: CNNVD-201506-462 // 
            
            
            
            NVD: CVE-2015-3961

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-15-167-01
Trust: 2.8
url:http://www.securityfocus.com/bid/75228
Trust: 2.3
url:http://www.garrettcom.com/techsupport/mns6k_r456_release_notes.pdf
Trust: 2.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3961
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3961
Trust: 0.8
url:http://www.garrettcom.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2015-04091 // 
            
            
            
            VULHUB: VHN-81922 // 
            
            
            
            BID: 75228 // 
            
            
            
            JVNDB: JVNDB-2015-003990 // 
            
            
            
            CNNVD: CNNVD-201506-462 // 
            
            
            
            NVD: CVE-2015-3961

CREDITS
Eireann Leverett
Trust: 0.9
sources:
            
            
            BID: 75228 // 
            
            
            
            CNNVD: CNNVD-201506-462

SOURCES
db:CNVDid:CNVD-2015-04091
db:VULHUBid:VHN-81922
db:BIDid:75228
db:JVNDBid:JVNDB-2015-003990
db:CNNVDid:CNNVD-201506-462
db:NVDid:CVE-2015-3961

LAST UPDATE DATE
2025-04-13T23:03:58.977000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-04091date:2015-06-30T00:00:00
db:VULHUBid:VHN-81922date:2016-12-06T00:00:00
db:BIDid:75228date:2015-06-16T00:00:00
db:JVNDBid:JVNDB-2015-003990date:2015-08-05T00:00:00
db:CNNVDid:CNNVD-201506-462date:2015-08-04T00:00:00
db:NVDid:CVE-2015-3961date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:CNVDid:CNVD-2015-04091date:2015-06-29T00:00:00
db:VULHUBid:VHN-81922date:2015-08-04T00:00:00
db:BIDid:75228date:2015-06-16T00:00:00
db:JVNDBid:JVNDB-2015-003990date:2015-08-05T00:00:00
db:CNNVDid:CNNVD-201506-462date:2015-06-24T00:00:00
db:NVDid:CVE-2015-3961date:2015-08-04T01:59:06.450