Details of VAR-201407-0431

ID

VAR-201407-0431

CVE

CVE-2014-2951

TITLE

Datum Systems satellite modem devices contain multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#917348

DESCRIPTION

Datum Systems SnIP on PSM-500 and PSM-4500 devices has a hardcoded password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors. Datum Systems PSM-4500 and PSM-500 series satellite modem devices contain multiple vulnerabilities. Supplementary information : CWE Vulnerability type by CWE-798: Use of Hard-coded Credentials ( Using hard-coded credentials ) Has been identified. http://cwe.mitre.org/data/definitions/798.htmlAccess may be obtained by a third party. There is an undisclosed admin user account and admin password in the system. This vulnerability can be exploited by attackers to bypass the authentication mechanism and obtain Authorized access. This may aid in further attacks

Trust: 3.24

sources: NVD: CVE-2014-2951 // CERT/CC: VU#917348 // JVNDB: JVNDB-2014-003356 // CNVD: CNVD-2014-04302 // BID: 68514 // VULMON: CVE-2014-2951

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-04302

AFFECTED PRODUCTS

vendor:	datumsystems	model:	snip	scope:	eq	version:	-	Trust: 1.6
vendor:	datum	model:	systems snip	scope:	-	version:	-	Trust: 0.8
vendor:	datum	model:	systems psm-4500	scope:	-	version:	-	Trust: 0.6
vendor:	datum	model:	systems psm-500	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2014-04302 // JVNDB: JVNDB-2014-003356 // CNNVD: CNNVD-201407-310 // NVD: CVE-2014-2951

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-2951
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-2951
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2014-04302
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201407-310
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2014-2951
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-2951
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2014-04302
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2014-04302 // VULMON: CVE-2014-2951 // JVNDB: JVNDB-2014-003356 // CNNVD: CNNVD-201407-310 // NVD: CVE-2014-2951

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2014-003356 // NVD: CVE-2014-2951

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201407-310

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201407-310

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-003356

PATCH

title:	Products	url:	http://www.datumsystems.com/products	Trust: 0.8
title:	SnIP Instructions	url:	http://www.datumsystems.com/snip-instructions	Trust: 0.8

sources: JVNDB: JVNDB-2014-003356

EXTERNAL IDS

db:	NVD	id:	CVE-2014-2951	Trust: 3.4
db:	CERT/CC	id:	VU#917348	Trust: 3.3
db:	BID	id:	68514	Trust: 1.0
db:	JVN	id:	JVNVU91389735	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-003356	Trust: 0.8
db:	CNVD	id:	CNVD-2014-04302	Trust: 0.6
db:	CNNVD	id:	CNNVD-201407-310	Trust: 0.6
db:	VULMON	id:	CVE-2014-2951	Trust: 0.1

sources: CERT/CC: VU#917348 // CNVD: CNVD-2014-04302 // VULMON: CVE-2014-2951 // BID: 68514 // JVNDB: JVNDB-2014-003356 // CNNVD: CNNVD-201407-310 // NVD: CVE-2014-2951

REFERENCES

url:	http://www.kb.cert.org/vuls/id/917348	Trust: 2.5
url:	http://www.datumsystems.com/products	Trust: 0.8
url:	http://cwe.mitre.org/data/definitions/798.html	Trust: 0.8
url:	http://cwe.mitre.org/data/definitions/220.html	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2951	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu91389735/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2951	Trust: 0.8
url:	http://www.securityfocus.com/bid/68514	Trust: 0.7
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CERT/CC: VU#917348 // CNVD: CNVD-2014-04302 // VULMON: CVE-2014-2951 // JVNDB: JVNDB-2014-003356 // CNNVD: CNNVD-201407-310 // NVD: CVE-2014-2951

CREDITS

Narendra Shinde and Ashish Kamble of Qualys.

Trust: 0.3

sources: BID: 68514

SOURCES

db:	CERT/CC	id:	VU#917348
db:	CNVD	id:	CNVD-2014-04302
db:	VULMON	id:	CVE-2014-2951
db:	BID	id:	68514
db:	JVNDB	id:	JVNDB-2014-003356
db:	CNNVD	id:	CNNVD-201407-310
db:	NVD	id:	CVE-2014-2951

LAST UPDATE DATE

2025-04-12T23:05:04.647000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#917348	date:	2014-08-14T00:00:00
db:	CNVD	id:	CNVD-2014-04302	date:	2014-07-16T00:00:00
db:	VULMON	id:	CVE-2014-2951	date:	2014-07-15T00:00:00
db:	BID	id:	68514	date:	2014-07-11T00:00:00
db:	JVNDB	id:	JVNDB-2014-003356	date:	2014-07-16T00:00:00
db:	CNNVD	id:	CNNVD-201407-310	date:	2014-07-15T00:00:00
db:	NVD	id:	CVE-2014-2951	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#917348	date:	2014-07-11T00:00:00
db:	CNVD	id:	CNVD-2014-04302	date:	2014-07-16T00:00:00
db:	VULMON	id:	CVE-2014-2951	date:	2014-07-14T00:00:00
db:	BID	id:	68514	date:	2014-07-11T00:00:00
db:	JVNDB	id:	JVNDB-2014-003356	date:	2014-07-16T00:00:00
db:	CNNVD	id:	CNNVD-201407-310	date:	2014-07-15T00:00:00
db:	NVD	id:	CVE-2014-2951	date:	2014-07-14T21:55:05.703