CVE-2014-5419

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2014-5419
GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier use the same RSA private key across different customers' installations, which makes it easier for remote attackers to obtain the cleartext content of network traffic by reading this key from a firmware image and then sniffing the network.

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
http://www.gedigitalenergy.com/products/support/multilink/MLSB1214.pdf Vendor Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-15-013-04 Third Party Advisory US Government Resource
http://www.gedigitalenergy.com/products/support/multilink/MLSB1214.pdf Vendor Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-15-013-04 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:ge:multilink_ml3100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:multilink_ml3100:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:ge:multilink_ml3000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:multilink_ml3000:*:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:ge:multilink_ml810_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:multilink_ml810:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:ge:multilink_ml1600_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:multilink_ml1600:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:ge:multilink_ml800_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:multilink_ml800:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:ge:multilink_ml2400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:multilink_ml2400:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:ge:multilink_ml1200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:ge:multilink_ml1200:-:*:*:*:*:*:*:*
History

21 Nov 2024, 02:12

Type Values Removed Values Added
References () http://www.gedigitalenergy.com/products/support/multilink/MLSB1214.pdf - Vendor Advisory () http://www.gedigitalenergy.com/products/support/multilink/MLSB1214.pdf - Vendor Advisory
References () https://ics-cert.us-cert.gov/advisories/ICSA-15-013-04 - Third Party Advisory, US Government Resource () https://ics-cert.us-cert.gov/advisories/ICSA-15-013-04 - Third Party Advisory, US Government Resource
Information

Published : 2015-01-17 02:59

Updated : 2025-04-12 10:46

NVD link : CVE-2014-5419

Mitre link : CVE-2014-5419

CVE.ORG link : CVE-2014-5419

JSON object : View

Products Affected

ge

  • multilink_ml3000
  • multilink_ml1600
  • multilink_ml800_firmware
  • multilink_ml1600_firmware
  • multilink_ml2400_firmware
  • multilink_ml3100
  • multilink_ml2400
  • multilink_ml1200
  • multilink_ml800
  • multilink_ml3100_firmware
  • multilink_ml1200_firmware
  • multilink_ml810
  • multilink_ml810_firmware
  • multilink_ml3000_firmware
CWE
CWE-310

Cryptographic Issues