CVE-2014-0328

Published Aug 15, 2014

Last updated 3 months ago

CVSS info 9.3

Overview

Description: The thraneLINK protocol implementation on Cobham devices does not verify firmware signatures, which allows attackers to execute arbitrary code by leveraging physical access or terminal access to send an SNMP request and a TFTP response.
Source: cret@cert.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Evaluator

Comment: <a href="http://cwe.mitre.org/data/definitions/347.html">CWE-347: Improper Verification of Cryptographic Signature</a>
Impact: -
Solution: -

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cobham:ailor_6110_mini-c_gmdss:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DEA4C870-472D-4CE8-BAF7-B489DA48AC4E"
          },
          {
            "criteria": "cpe:2.3:h:cobham:sailor_6006_message_terminal:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D85C2D45-B835-4374-B3AB-B3DE311BBFFA"
          },
          {
            "criteria": "cpe:2.3:h:cobham:sailor_6222_vhf:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C6CDFC3D-35A7-4530-A253-62E5DF82F3CD"
          },
          {
            "criteria": "cpe:2.3:h:cobham:sailor_6300_mf_\\/_hf:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0328B479-A9BA-49A9-B352-70D8816F4463"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Evaluator

Configurations

References