Details of VAR-201407-0430

ID

VAR-201407-0430

CVE

CVE-2014-2950

TITLE

Datum Systems satellite modem devices contain multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#917348

DESCRIPTION

Datum Systems SnIP on PSM-500 and PSM-4500 devices does not require authentication for FTP sessions, which allows remote attackers to obtain sensitive information via RETR commands. Datum Systems PSM-4500 and PSM-500 series satellite modem devices contain multiple vulnerabilities. Supplementary information : CWE Vulnerability type by CWE-220: Sensitive Data Under FTP Root (FTP Root Important data under ) Has been identified. http://cwe.mitre.org/data/definitions/220.htmlBy a third party RETR Important information may be obtained through commands. Successful exploits will allow attackers to gain unauthorized access to sensitive areas of the file system, which may aid in further attacks

Trust: 3.15

sources: NVD: CVE-2014-2950 // CERT/CC: VU#917348 // JVNDB: JVNDB-2014-003355 // CNVD: CNVD-2014-04301 // BID: 68515

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-04301

AFFECTED PRODUCTS

vendor:	datumsystems	model:	snip	scope:	eq	version:	-	Trust: 1.6
vendor:	datum	model:	systems snip	scope:	-	version:	-	Trust: 0.8
vendor:	datum	model:	systems psm-4500	scope:	-	version:	-	Trust: 0.6
vendor:	datum	model:	systems psm-500	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2014-04301 // JVNDB: JVNDB-2014-003355 // CNNVD: CNNVD-201407-309 // NVD: CVE-2014-2950

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-2950
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-2950
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2014-04301
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201407-309
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2014-2950
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-04301
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2014-04301 // JVNDB: JVNDB-2014-003355 // CNNVD: CNNVD-201407-309 // NVD: CVE-2014-2950

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2014-003355 // NVD: CVE-2014-2950

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201407-309

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201407-309

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-003355

PATCH

title:	Products	url:	http://www.datumsystems.com/products	Trust: 0.8
title:	SnIP Instructions	url:	http://www.datumsystems.com/snip-instructions	Trust: 0.8

sources: JVNDB: JVNDB-2014-003355

EXTERNAL IDS

db:	NVD	id:	CVE-2014-2950	Trust: 3.3
db:	CERT/CC	id:	VU#917348	Trust: 3.2
db:	BID	id:	68515	Trust: 0.9
db:	JVN	id:	JVNVU91389735	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-003355	Trust: 0.8
db:	CNVD	id:	CNVD-2014-04301	Trust: 0.6
db:	CNNVD	id:	CNNVD-201407-309	Trust: 0.6

sources: CERT/CC: VU#917348 // CNVD: CNVD-2014-04301 // BID: 68515 // JVNDB: JVNDB-2014-003355 // CNNVD: CNNVD-201407-309 // NVD: CVE-2014-2950

REFERENCES

url:	http://www.kb.cert.org/vuls/id/917348	Trust: 2.4
url:	http://www.datumsystems.com/products	Trust: 0.8
url:	http://cwe.mitre.org/data/definitions/798.html	Trust: 0.8
url:	http://cwe.mitre.org/data/definitions/220.html	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2950	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu91389735/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2950	Trust: 0.8
url:	http://www.securityfocus.com/bid/68515	Trust: 0.6

sources: CERT/CC: VU#917348 // CNVD: CNVD-2014-04301 // JVNDB: JVNDB-2014-003355 // CNNVD: CNNVD-201407-309 // NVD: CVE-2014-2950

CREDITS

Narendra Shinde and Ashish Kamble from Qualys

Trust: 0.3

sources: BID: 68515

SOURCES

db:	CERT/CC	id:	VU#917348
db:	CNVD	id:	CNVD-2014-04301
db:	BID	id:	68515
db:	JVNDB	id:	JVNDB-2014-003355
db:	CNNVD	id:	CNNVD-201407-309
db:	NVD	id:	CVE-2014-2950

LAST UPDATE DATE

2025-04-12T23:05:04.614000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#917348	date:	2014-08-14T00:00:00
db:	CNVD	id:	CNVD-2014-04301	date:	2014-07-16T00:00:00
db:	BID	id:	68515	date:	2014-07-11T00:00:00
db:	JVNDB	id:	JVNDB-2014-003355	date:	2014-07-16T00:00:00
db:	CNNVD	id:	CNNVD-201407-309	date:	2014-07-15T00:00:00
db:	NVD	id:	CVE-2014-2950	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#917348	date:	2014-07-11T00:00:00
db:	CNVD	id:	CNVD-2014-04301	date:	2014-07-16T00:00:00
db:	BID	id:	68515	date:	2014-07-11T00:00:00
db:	JVNDB	id:	JVNDB-2014-003355	date:	2014-07-16T00:00:00
db:	CNNVD	id:	CNNVD-201407-309	date:	2014-07-15T00:00:00
db:	NVD	id:	CVE-2014-2950	date:	2014-07-14T21:55:05.657