CVE-2014-2964

Cobham Aviator 700D and 700E satellite terminals have hardcoded passwords for the (1) debug, (2) prod, (3) do160, and (4) flrp programs, which allows physically proximate attackers to gain privileges by sending a password over a serial line.

CVSS v2.0 6.9 MEDIUM

6.9^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.kb.cert.org/vuls/id/882207	Third Party Advisory US Government Resource
http://www.kb.cert.org/vuls/id/882207	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:cobham:aviator_700d:-:::::::*
	cpe:2.3:h:cobham:aviator_700e:-:::::::*

History

21 Nov 2024, 02:07

Type	Values Removed	Values Added
References	~~() http://www.kb.cert.org/vuls/id/882207 - Third Party Advisory, US Government Resource~~	() http://www.kb.cert.org/vuls/id/882207 - Third Party Advisory, US Government Resource

Information

Published : 2014-08-15 11:15

Updated : 2024-11-21 02:07

NVD link : CVE-2014-2964

Mitre link : CVE-2014-2964

CVE.ORG link : CVE-2014-2964

JSON object : View

Products Affected

cobham

aviator_700e
aviator_700d

CWE

NVD-CWE-Other

{"id": "CVE-2014-2964", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-08-15T11:15:43.090", "references": [{"url": "http://www.kb.cert.org/vuls/id/882207", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cret@cert.org"}, {"url": "http://www.kb.cert.org/vuls/id/882207", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cobham Aviator 700D and 700E satellite terminals have hardcoded passwords for the (1) debug, (2) prod, (3) do160, and (4) flrp programs, which allows physically proximate attackers to gain privileges by sending a password over a serial line."}, {"lang": "es", "value": "Los terminales de sat\u00e9lite Cobham Aviator 700D y 700E tiene contrase\u00f1as embebidas para los programas (1) debug, (2) prod, (3) do160, y (4) flrp, lo que permite a atacantes f\u00edsicamente pr\u00f3ximos ganar privilegios mediante el env\u00edo de una contrase\u00f1a por una l\u00ednea de seriales."}], "lastModified": "2024-11-21T02:07:15.070", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cobham:aviator_700d:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD3FE641-E175-4CC4-90BF-955B1C0217F3"}, {"criteria": "cpe:2.3:h:cobham:aviator_700e:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4DF6EB81-6E66-4462-98AE-44DD641BCC90"}], "operator": "OR"}]}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/798.html\">CWE-798: Use of Hard-coded Credentials</a>", "sourceIdentifier": "cret@cert.org"}