ID

VAR-201408-0034


CVE

CVE-2013-7180


TITLE

Cobham SATCOM products' web interface contains a weak password recovery vulnerability

Trust: 0.8

sources: CERT/CC: VU#602006

DESCRIPTION

Cobham SAILOR 900 VSAT; SAILOR FleetBroadBand 150, 250, and 500; EXPLORER BGAN; and AVIATOR 200, 300, 350, and 700D devices do not properly restrict password recovery, which allows attackers to obtain administrative privileges by leveraging physical access or terminal access to spoof a reset code. The web interfaces of multiple Cobham products have a password reset mechanism that is weak. The mechanism is easy to analyze, and the administrator account password can be altered (CWE-640). CWE-640: Weak Password Recovery Mechanism for Forgotten Password http://cwe.mitre.org/data/definitions/640.html. A remote attacker who accesses the web interface may reset the administrator password and operate the product. Cobham SATCOM is a satellite communications company. Multiple Cobham products are prone to an information-disclosure vulnerability. An attacker can leverage this issue to obtain sensitive information that may lead to further attacks.

Trust: 3.15

sources: NVD: CVE-2013-7180 // CERT/CC: VU#602006 // JVNDB: JVNDB-2014-003711 // CNVD: CNVD-2014-05036 // BID: 69148

IOT TAXONOMY

category: ['Network device'] | sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-05036

AFFECTED PRODUCTS

vendor: cobham | model: aviator 350 | scope: eq | version: -

Trust: 1.6

vendor: cobham | model: aviator 700d | scope: eq | version: -

Trust: 1.6

vendor: cobham | model: sailor 900 vsat | scope: eq | version: -

Trust: 1.6

vendor: cobham | model: aviator 200 | scope: eq | version: -

Trust: 1.6

vendor: cobham | model: sailor fleetbroadband 150 | scope: eq | version: -

Trust: 1.6

vendor: cobham | model: aviator 300 | scope: eq | version: -

Trust: 1.6

vendor: cobham | model: sailor fleetbroadband 500 | scope: eq | version: -

Trust: 1.6

vendor: cobham | model: explorer bgan | scope: eq | version: -

Trust: 1.6

vendor: cobham | model: sailor fleetbroadband 250 | scope: eq | version: -

Trust: 1.6

vendor: cobham plc | model: - | scope: - | version: -

Trust: 0.8

vendor: cobham plc | model: aviator 200 | scope: - | version: -

Trust: 0.8

vendor: cobham plc | model: aviator 300 | scope: - | version: -

Trust: 0.8

vendor: cobham plc | model: aviator 350 | scope: - | version: -

Trust: 0.8

vendor: cobham plc | model: aviator 700d | scope: - | version: -

Trust: 0.8

vendor: cobham plc | model: explorer bgan | scope: - | version: -

Trust: 0.8

vendor: cobham plc | model: sailor 150 fleetbroadband | scope: - | version: -

Trust: 0.8

vendor: cobham plc | model: sailor 250 fleetbroadband | scope: - | version: -

Trust: 0.8

vendor: cobham plc | model: sailor 500 fleetbroadband | scope: - | version: -

Trust: 0.8

vendor: cobham plc | model: sailor 900 vsat | scope: - | version: -

Trust: 0.8

vendor: cobham | model: satcom | scope: - | version: -

Trust: 0.6

vendor: cobham | model: plc sailor fleetbroadband | scope: eq | version: 5000

Trust: 0.3

vendor: cobham | model: plc sailor fleetbroadband | scope: eq | version: 2500

Trust: 0.3

vendor: cobham | model: plc sailor fleetbroadband | scope: eq | version: 1500

Trust: 0.3

vendor: cobham | model: plc sailor vsat | scope: eq | version: 9000

Trust: 0.3

vendor: cobham | model: plc explorer bgan | scope: eq | version: 0

Trust: 0.3

vendor: cobham | model: plc aviator | scope: eq | version: 3500

Trust: 0.3

vendor: cobham | model: plc aviator | scope: eq | version: 3000

Trust: 0.3

vendor: cobham | model: plc aviator | scope: eq | version: 2000

Trust: 0.3

vendor: cobham | model: plc aviator 700d | scope: - | version: -

Trust: 0.3

sources: CERT/CC: VU#602006 // CNVD: CNVD-2014-05036 // BID: 69148 // JVNDB: JVNDB-2014-003711 // CNNVD: CNNVD-201408-146 // NVD: CVE-2013-7180

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-7180
value: HIGH

Trust: 1.0

NVD: CVE-2013-7180
value: HIGH

Trust: 0.8

IPA: JVNDB-2014-003711
value: HIGH

Trust: 0.8

CNVD: CNVD-2014-05036
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201408-146
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2013-7180
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: CVE-2013-7180
severity: HIGH
baseScore: 7.8
vectorString: NONE
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

IPA: JVNDB-2014-003711
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2014-05036
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CERT/CC: VU#602006 // CNVD: CNVD-2014-05036 // JVNDB: JVNDB-2014-003711 // CNNVD: CNNVD-201408-146 // NVD: CVE-2013-7180

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2014-003711 // NVD: CVE-2013-7180

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201408-146

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201408-146

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-003711

EXPLOIT AVAILABILITY

sources: CERT/CC: VU#602006

PATCH

title: Aerospace and Security, SATCOM | url: http://www.cobham.com/about-cobham/aerospace-and-security/about-us/satcom/

Trust: 0.8

sources: JVNDB: JVNDB-2014-003711

EXTERNAL IDS

db: CERT/CC | id: VU#602006

Trust: 4.1

db: NVD | id: CVE-2013-7180

Trust: 3.3

db: BID | id: 69148

Trust: 1.5

db: JVN | id: JVNVU93326351

Trust: 0.8

db: JVNDB | id: JVNDB-2014-003711

Trust: 0.8

db: CNVD | id: CNVD-2014-05036

Trust: 0.6

db: CNNVD | id: CNNVD-201408-146

Trust: 0.6

sources: CERT/CC: VU#602006 // CNVD: CNVD-2014-05036 // BID: 69148 // JVNDB: JVNDB-2014-003711 // CNNVD: CNNVD-201408-146 // NVD: CVE-2013-7180

REFERENCES

url:http://www.kb.cert.org/vuls/id/602006

Trust: 3.3

url:http://www.cobham.com/about-cobham/aerospace-and-security/about-us/satcom/land-mobile-satcom-systems/products-and-services.aspx

Trust: 0.8

url:http://www.cobham.com/about-cobham/aerospace-and-security/about-us/satcom/satellite-communication-at-sea/products-and-services/inmarsat-fleetbroadband.aspx

Trust: 0.8

url:http://www.cobham.com/about-cobham/aerospace-and-security/about-us/satcom/land-mobile-satcom-systems/products-and-services/on-the-move-bgan.aspx

Trust: 0.8

url:http://www.cobham.com/about-cobham/aerospace-and-security/about-us/satcom/land-mobile-satcom-systems/products-and-services/ultra-portable-bgan.aspx

Trust: 0.8

url:http://www.cobham.com/about-cobham/aerospace-and-security/about-us/satcom/cockpit-and-cabin-communication/products-and-services/swiftbroadband-systems.aspx

Trust: 0.8

url:http://cwe.mitre.org/data/definitions/640.html

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7180

Trust: 0.8

url:http://jvn.jp/vu/jvnvu93326351/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7180

Trust: 0.8

url:http://www.securityfocus.com/bid/69148

Trust: 0.6

url:www.cobham.com

Trust: 0.3

sources: CERT/CC: VU#602006 // CNVD: CNVD-2014-05036 // BID: 69148 // JVNDB: JVNDB-2014-003711 // CNNVD: CNNVD-201408-146 // NVD: CVE-2013-7180

CREDITS

Ruben Santamarta

Trust: 0.9

sources: BID: 69148 // CNNVD: CNNVD-201408-146

SOURCES

db: CERT/CC | id: VU#602006
db: CNVD | id: CNVD-2014-05036
db: BID | id: 69148
db: JVNDB | id: JVNDB-2014-003711
db: CNNVD | id: CNNVD-201408-146
db: NVD | id: CVE-2013-7180

LAST UPDATE DATE

2025-04-13T23:37:39.028000+00:00


SOURCES UPDATE DATE

db: CERT/CC | id: VU#602006 | date: 2014-08-07T00:00:00
db: CNVD | id: CNVD-2014-05036 | date: 2014-08-15T00:00:00
db: BID | id: 69148 | date: 2014-08-07T00:00:00
db: JVNDB | id: JVNDB-2014-003711 | date: 2014-08-18T00:00:00
db: CNNVD | id: CNNVD-201408-146 | date: 2014-08-18T00:00:00
db: NVD | id: CVE-2013-7180 | date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: CERT/CC | id: VU#602006 | date: 2014-08-07T00:00:00
db: CNVD | id: CNVD-2014-05036 | date: 2014-08-15T00:00:00
db: BID | id: 69148 | date: 2014-08-07T00:00:00
db: JVNDB | id: JVNDB-2014-003711 | date: 2014-08-11T00:00:00
db: CNNVD | id: CNNVD-201408-146 | date: 2014-08-14T00:00:00
db: NVD | id: CVE-2013-7180 | date: 2014-08-15T11:15:42.827