PT-2015-6358 · Belden GarrettCom · Magnum 6K +1

Ashish Kamble +1 · Published 2015-08-04 · Updated 2016-12-06 · CVE-2015-3959

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Belden GarrettCom Magnum 6K and Magnum 10K switches, firmware versions prior to 4.5.6

Description

The issue concerns a hardcoded serial-console password for a privileged account in the firmware of the affected switches. This might allow physically proximate attackers to obtain access by establishing a console session to a nonstandard installation where this account is enabled, and leveraging knowledge of this password.

Recommendations

For firmware versions prior to 4.5.6, update to version 4.5.6 or later to resolve the issue. As a temporary workaround, consider disabling the privileged account with the hardcoded serial-console password until a patch is available. Restrict physical access to the switches to minimize the risk of exploitation.


Related identifiers

CVE-2015-3959

Affected products

Magnum 10K
Magnum 6K