This afternoon the DHS ICS-CERT published an advisory for
GarrettCom Ethernet switches. The advisory
describes multiple vulnerabilities in GarrettCom’s Magnum 6k and Magnum 10k
product lines. The vulnerabilities were reported by Ashish Kamble of Qualys
Security and Eireann Leverett. GarrettCom has produced new firmware versions to
correct these vulnerabilities and ICS-CERT reports that Kamble has validated
the efficacy of the fixes.
The reported vulnerabilities are:
∙ Use of hard-coded credentials, CVE-2015-3960 and CVE-2015-3959; and
∙ External control of assumed-immutable web parameter, CVE-2015-3961.
It looks like there is a typo in the advisory where ICS-CERT
usually reports the difficulty of exploiting the vulnerabilities; they repeat
the previous comment about no known public exploits. Based upon past reports,
however, I would suspect that a relatively low skilled attacker could remotely
exploit the vulnerability.
Interestingly, the Belden GarrettCom release
note calls one of the hard-coded credential vulnerabilities an ‘SSL key
exposure’ vulnerability. They explain that it is “possible for certain security
keys of the Belden Garrettcom 10K and 6K products to be deciphered potentially
posing a man-in-the-middle security threat when using HTTPS to communicate with
the device”. They also maintain that the remaining hard-coded credential
vulnerability only applies to a privileged account that “is actually not
enabled in the operating switch”.
ICS-CERT notes that these two new firmware releases were
made available in December of last year and January of this year. It is
possible that some of these devices have already been fixed. The earlier
release contained a number of other, non-security bug fixes. It is interesting
that it has taken so long for this advisory to be published by ICS-CERT. I
would assume that it was due to communications issues.