CVE-2017-20234

Summary

GarrettCom Magnum 6K and 10K managed switches contain an authentication bypass vulnerability that allows unauthenticated attackers to gain unauthorized access by exploiting a hardcoded string in the authentication mechanism. Attackers can bypass login controls to access administrative functions and sensitive switch configuration without valid credentials.

Affected Software

VendorProductVersion RangeStatus
BeldenGarrettCom Magnum 6K and 10K Managed Switches0 <= 4.6.0affected
BeldenGarrettCom Magnum 6K and 10K Managed Switches0 <= 4.7.6affected
BeldenGarrettCom Magnum 6K and 10K Managed Switches4.7.7unaffected

Weaknesses

  • CWE-798: CWE-798 Use of Hard-coded Credentials

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References