CVE-2014-0328
Published Aug 15, 2014
Last updated 10 years ago
Overview
- Description
- The thraneLINK protocol implementation on Cobham devices does not verify firmware signatures, which allows attackers to execute arbitrary code by leveraging physical access or terminal access to send an SNMP request and a TFTP response.
- Source
- cret@cert.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 9.3
- Impact score
- 10
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Evaluator
- Comment
- <a href="http://cwe.mitre.org/data/definitions/347.html">CWE-347: Improper Verification of Cryptographic Signature</a>
- Impact
- -
- Solution
- -
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cobham:ailor_6110_mini-c_gmdss:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DEA4C870-472D-4CE8-BAF7-B489DA48AC4E"
},
{
"criteria": "cpe:2.3:h:cobham:sailor_6006_message_terminal:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D85C2D45-B835-4374-B3AB-B3DE311BBFFA"
},
{
"criteria": "cpe:2.3:h:cobham:sailor_6222_vhf:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C6CDFC3D-35A7-4530-A253-62E5DF82F3CD"
},
{
"criteria": "cpe:2.3:h:cobham:sailor_6300_mf_\\/_hf:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0328B479-A9BA-49A9-B352-70D8816F4463"
}
],
"operator": "OR"
}
]
}
]