ID CVE-2014-2964
Summary Cobham Aviator 700D and 700E satellite terminals have hardcoded passwords for the (1) debug, (2) prod, (3) do160, and (4) flrp programs, which allows physically proximate attackers to gain privileges by sending a password over a serial line. <a href="http://cwe.mitre.org/data/definitions/798.html">CWE-798: Use of Hard-coded Credentials</a>
References
Vulnerable Configurations
  • cpe:2.3:h:cobham:aviator_700d:-:*:*:*:*:*:*:*
    cpe:2.3:h:cobham:aviator_700d:-:*:*:*:*:*:*:*
  • cpe:2.3:h:cobham:aviator_700e:-:*:*:*:*:*:*:*
    cpe:2.3:h:cobham:aviator_700e:-:*:*:*:*:*:*:*
CVSS
Base: 6.9 (as of 15-08-2014 - 17:38)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:M/Au:N/C:C/I:C/A:C
refmap via4
cert-vn VU#882207
Last major update 15-08-2014 - 17:38
Published 15-08-2014 - 11:15
Last modified 15-08-2014 - 17:38
Back to Top