CVE-2013-6035

The firmware on GateHouse; Harris BGAN RF-7800B-VU204 and BGAN RF-7800B-DU204; Hughes Network Systems 9201, 9450, and 9502; Inmarsat; Japan Radio JUE-250 and JUE-500; and Thuraya IP satellite terminals does not require authentication for sessions on TCP port 1827, which allows remote attackers to execute arbitrary code via unspecified protocol operations.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.kb.cert.org/vuls/id/250358	US Government Resource

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:gatehouse:gatehouse:-:::::::*
	cpe:2.3:h:harris:bgan:rf-7800b-du204:::::::*
	cpe:2.3:h:harris:bgan:rf-7800b-vu204:::::::*
	cpe:2.3:h:hughes_network_systems:9201:-:::::::*
	cpe:2.3:h:hughes_network_systems:9450:-:::::::*
	cpe:2.3:h:hughes_network_systems:9502:-:::::::*
	cpe:2.3:h:inmarsat:inmarsat:-:::::::*
	cpe:2.3:h:japan_radio:jue-250:-:::::::*
	cpe:2.3:h:japan_radio:jue-500:-:::::::*
	cpe:2.3:h:thuraya_telecommunications:ip:-:::::::*

History

No history.

Information

Published : 2014-02-04 05:39

Updated : 2024-02-04 18:35

NVD link : CVE-2013-6035

Mitre link : CVE-2013-6035

CVE.ORG link : CVE-2013-6035

JSON object : View

Products Affected

hughes_network_systems

9502
9450
9201

japan_radio

jue-500
jue-250

harris

bgan

inmarsat

inmarsat

gatehouse

gatehouse

thuraya_telecommunications

ip

CWE

CWE-287

Improper Authentication

{"id": "CVE-2013-6035", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": true, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-02-04T05:39:08.323", "references": [{"url": "http://www.kb.cert.org/vuls/id/250358", "tags": ["US Government Resource"], "source": "cret@cert.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "The firmware on GateHouse; Harris BGAN RF-7800B-VU204 and BGAN RF-7800B-DU204; Hughes Network Systems 9201, 9450, and 9502; Inmarsat; Japan Radio JUE-250 and JUE-500; and Thuraya IP satellite terminals does not require authentication for sessions on TCP port 1827, which allows remote attackers to execute arbitrary code via unspecified protocol operations."}, {"lang": "es", "value": "El firmware de los terminales de conexi\u00f3n v\u00eda sat\u00e9lite GateHouse; Harris BGAN RF-7800B-VU204 y BGAN RF-7800B-DU204; Hughes Network Systems 9201, 9450 y 9502; Inmarsat; Japan Radio JUE-250 y JUE-500 y Thuraya IP no necesita autenticaci\u00f3n para las sesiones en el puerto TCP 1827, lo cual permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de operaciones no especificadas del protocolo."}], "lastModified": "2014-02-04T16:26:46.820", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gatehouse:gatehouse:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D247408D-0B41-413B-B81B-9B046E5827D1"}, {"criteria": "cpe:2.3:h:harris:bgan:rf-7800b-du204:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4AEA9731-4226-4A67-BE6A-044636C5228F"}, {"criteria": "cpe:2.3:h:harris:bgan:rf-7800b-vu204:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0AA62AC-7B5F-435A-976D-C5EF35DC1BA1"}, {"criteria": "cpe:2.3:h:hughes_network_systems:9201:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44657548-B2D5-4EDF-AF40-53E200B6761F"}, {"criteria": "cpe:2.3:h:hughes_network_systems:9450:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "25BD61A1-B423-4922-BAEB-8D1875F1C21C"}, {"criteria": "cpe:2.3:h:hughes_network_systems:9502:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C09DE1B7-24F1-47E1-86FB-AF5F8623F364"}, {"criteria": "cpe:2.3:h:inmarsat:inmarsat:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BE3B6B90-17AC-407A-9413-31E07A255A93"}, {"criteria": "cpe:2.3:h:japan_radio:jue-250:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB4AADA3-5FFB-4273-B68A-8E0E6C6741C0"}, {"criteria": "cpe:2.3:h:japan_radio:jue-500:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5403F151-91BE-4D50-A973-E674F277A650"}, {"criteria": "cpe:2.3:h:thuraya_telecommunications:ip:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9074FA7-692D-46A0-81CE-1609370BDB68"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}