Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2014-5419

GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier use the same RSA private key across different customers' installations, which makes it easier for remote attackers to obtain the cleartext content of network traffic by reading this key from a firmware image and then sniffing the network.

Published

2015-01-17T02:59:02.600

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

10.0

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-310
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System ge multilink_ml3100_firmware ≤ 5.2.0 Yes
Hardware ge multilink_ml3100 * Yes
Operating System ge multilink_ml3000_firmware ≤ 5.2.0 Yes
Hardware ge multilink_ml3000 * Yes
Operating System ge multilink_ml810_firmware ≤ 5.2.0 Yes
Hardware ge multilink_ml810 - Yes
Operating System ge multilink_ml1600_firmware ≤ 4.2.1 Yes
Hardware ge multilink_ml1600 - Yes
Operating System ge multilink_ml800_firmware ≤ 4.2.1 Yes
Hardware ge multilink_ml800 - Yes
Operating System ge multilink_ml2400_firmware ≤ 4.2.1 Yes
Hardware ge multilink_ml2400 - Yes
Operating System ge multilink_ml1200_firmware ≤ 4.2.1 Yes
Hardware ge multilink_ml1200 - Yes
References