ID CVE-2014-0328
Summary The thraneLINK protocol implementation on Cobham devices does not verify firmware signatures, which allows attackers to execute arbitrary code by leveraging physical access or terminal access to send an SNMP request and a TFTP response. <a href="http://cwe.mitre.org/data/definitions/347.html">CWE-347: Improper Verification of Cryptographic Signature</a>
References
Vulnerable Configurations
  • cpe:2.3:h:cobham:ailor_6110_mini-c_gmdss:-:*:*:*:*:*:*:*
    cpe:2.3:h:cobham:ailor_6110_mini-c_gmdss:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cobham:sailor_6006_message_terminal:-:*:*:*:*:*:*:*
    cpe:2.3:h:cobham:sailor_6006_message_terminal:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cobham:sailor_6222_vhf:-:*:*:*:*:*:*:*
    cpe:2.3:h:cobham:sailor_6222_vhf:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cobham:sailor_6300_mf_\/_hf:-:*:*:*:*:*:*:*
    cpe:2.3:h:cobham:sailor_6300_mf_\/_hf:-:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 15-08-2014 - 16:58)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
refmap via4
cert-vn VU#179732
Last major update 15-08-2014 - 16:58
Published 15-08-2014 - 11:15
Last modified 15-08-2014 - 16:58
Back to Top