PT-2015-3806 · Ge · Ge Multilink Ml1600+6

Published

2015-01-17

Updated

2025-11-05

CVE-2014-5419

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions GE Multilink ML800, ML1200, ML1600, and ML2400 switches versions 4.2.1 and earlier GE Multilink ML810, ML3000, and ML3100 switches versions 5.2.0 and earlier

Description The issue allows remote attackers to obtain the cleartext content of network traffic by reading the same RSA private key used across different customers' installations from a firmware image and then sniffing the network.

Recommendations For GE Multilink ML800, ML1200, ML1600, and ML2400 switches versions 4.2.1 and earlier, update the firmware to a version later than 4.2.1. For GE Multilink ML810, ML3000, and ML3100 switches versions 5.2.0 and earlier, update the firmware to a version later than 5.2.0.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-321CWE-310

Related Identifiers

CVE-2014-5419

Affected Products

Ge Multilink Ml1200

Ge Multilink Ml1600

Ge Multilink Ml2400

Ge Multilink Ml3000

Ge Multilink Ml3100

Ge Multilink Ml800

Ge Multilink Ml810

PT-2015-3806 · Ge · Ge Multilink Ml1600+6

CVE-2014-5419

Weakness Enumeration

Related Identifiers

Affected Products

References · 6