CVE-2017-20234
CRITICAL
GarrettCom Magnum 6K and 10K Authentication Bypass via Hardcoded String
Title source: cna
Description
GarrettCom Magnum 6K and 10K managed switches contain an authentication bypass vulnerability that allows unauthenticated attackers to gain unauthorized access by exploiting a hardcoded string in the authentication mechanism. Attackers can bypass login controls to access administrative functions and sensitive switch configuration without valid credentials.
References (2)
Core References
Vendor Advisory vendor-advisory
https://assets.belden.com/m/114be964b4651983/original/Security-Bulletin-MNS-6K-10K-GarrettCom-BSECV-2017-08.pdf
Third Party Advisory third-party-advisory
https://www.vulncheck.com/advisories/garrettcom-magnum-6k-and-10k-authentication-bypass-via-hardcoded-string
Scores
CVSS v3: 9.8
EPSS: 0.0046
EPSS Percentile: 36.1%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: total
Details
CWE: CWE-798
Status: published
Products (3)
Belden/GarrettCom Magnum 6K and 10K Managed Switches: < 4.6.0
Belden/GarrettCom Magnum 6K and 10K Managed Switches: < 4.7.6
Belden/GarrettCom Magnum 6K and 10K Managed Switches: 4.7.7
Published: Apr 03, 2026
Tracked Since: Apr 04, 2026