CVE-2013-7180

Published Aug 15, 2014

Last updated 3 months ago

CVSS info 7.8

Overview

Description: Cobham SAILOR 900 VSAT; SAILOR FleetBroadBand 150, 250, and 500; EXPLORER BGAN; and AVIATOR 200, 300, 350, and 700D devices do not properly restrict password recovery, which allows attackers to obtain administrative privileges by leveraging physical access or terminal access to spoof a reset code.
Source: cret@cert.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.8
Impact score: 6.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:N/A:N

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Evaluator

Comment: <a href="http://cwe.mitre.org/data/definitions/640.html">CWE-640: Weak Password Recovery Mechanism for Forgotten Password</a>
Impact: -
Solution: -

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cobham:aviator_200:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA64EF41-6BDC-443A-897F-F172C3395A94"
          },
          {
            "criteria": "cpe:2.3:h:cobham:aviator_300:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9EA1304E-3FB6-45CE-8C6D-1CBD5FB74893"
          },
          {
            "criteria": "cpe:2.3:h:cobham:aviator_350:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9798369A-9E46-4408-BB02-9C722E166299"
          },
          {
            "criteria": "cpe:2.3:h:cobham:aviator_700d:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD3FE641-E175-4CC4-90BF-955B1C0217F3"
          },
          {
            "criteria": "cpe:2.3:h:cobham:explorer_bgan:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "555E0CCB-642E-441E-A403-93DD00A5C745"
          },
          {
            "criteria": "cpe:2.3:h:cobham:sailor_900_vsat:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7704EFE7-FCF8-4109-AE65-B162604E0025"
          },
          {
            "criteria": "cpe:2.3:h:cobham:sailor_fleetbroadband_150:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "12AF4243-F56F-4FEC-82EF-0A02C0AB54CA"
          },
          {
            "criteria": "cpe:2.3:h:cobham:sailor_fleetbroadband_250:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "49E0EA46-3D1B-40A7-8CB1-9EFA53954600"
          },
          {
            "criteria": "cpe:2.3:h:cobham:sailor_fleetbroadband_500:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FEBC3788-5053-46B4-A197-55102D2FB004"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Evaluator

Configurations

References