CVE-2015-3961
low
CVSS v3
—
CVSS v2
3.5
VIR risk
3.5
Description
The web-server component in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches allows remote authenticated users to cause a denial of service (memory corruption and reboot) via a crafted URL.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: ics-cert@hq.dhs.gov — http://www.garrettcom.com/techsupport/MNS6K_R456_Release_Notes.pdf
References
- http://www.garrettcom.com/techsupport/MNS6K_R456_Release_Notes.pdf
- http://www.securityfocus.com/bid/75228
- https://ics-cert.us-cert.gov/advisories/ICSA-15-167-01
- http://www.garrettcom.com/techsupport/MNS6K_R456_Release_Notes.pdf
- http://www.securityfocus.com/bid/75228
- https://ics-cert.us-cert.gov/advisories/ICSA-15-167-01
CWEs
CWE-399
Verify integrity in audit chain (admin only). AS-IS.