CVE-2017-20234
Received Received - Intake

Authentication Bypass in GarrettCom Magnum Switches Enables Unauthorized Access

Vulnerability report for CVE-2017-20234, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-04-03

Last updated on: 2026-04-03

Assigner: VulnCheck

Description

GarrettCom Magnum 6K and 10K managed switches contain an authentication bypass vulnerability that allows unauthenticated attackers to gain unauthorized access by exploiting a hardcoded string in the authentication mechanism. Attackers can bypass login controls to access administrative functions and sensitive switch configuration without valid credentials.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-04-03
Last Modified
2026-04-03
Generated
2026-07-06
AI Q&A
2026-04-04
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
garrettcom magnum_6k *
garrettcom magnum_10k *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-798 The product contains hard-coded credentials, such as a password or cryptographic key.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The vulnerability in GarrettCom Magnum 6K and 10K managed switches is an authentication bypass issue. It allows unauthenticated attackers to gain unauthorized access by exploiting a hardcoded string in the authentication mechanism. This means attackers can bypass login controls and access administrative functions and sensitive switch configurations without needing valid credentials.

Compliance Impact

The vulnerability allows unauthenticated attackers to bypass authentication and gain unauthorized administrative access to GarrettCom Magnum 6K and 10K managed switches. This unauthorized access to sensitive switch configuration and administrative functions could lead to exposure or manipulation of sensitive data, which may impact compliance with standards and regulations such as GDPR and HIPAA that require protection of sensitive information and strict access controls.

However, specific impacts on compliance with these standards are not detailed in the provided information.

Impact Analysis

This vulnerability can have a severe impact as it allows attackers to gain administrative access to the affected switches without authentication. This unauthorized access can lead to manipulation of switch configurations, potential disruption of network operations, exposure of sensitive network information, and overall compromise of network security.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2017-20234. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart