ID

VAR-201408-0147


CVE

CVE-2014-0328


TITLE

Cobham thraneLINK improper verification of firmware updates vulnerability

Trust: 0.8

sources: CERT/CC: VU#179732

DESCRIPTION

The thraneLINK protocol implementation on Cobham devices does not verify firmware signatures, which allows attackers to execute arbitrary code by leveraging physical access or terminal access to send an SNMP request and a TFTP response.

The vulnerability is in the firmware update function of Cobham thraneLINK devices. The Cobham thraneLINK protocol does not verify the digital signature of a firmware update (CWE-347: Improper Verification of Cryptographic Signature, http://cwe.mitre.org/data/definitions/347.html). In addition, thraneLINK devices connected to the network can be enumerated via the SLPFindSrvs protocol. As a result, a crafted SNMP request may cause a device to download an unauthorized firmware update from a TFTP server prepared by a third party. A remote third party may deploy a malicious firmware image on a thraneLINK device and execute arbitrary code.

Cobham thraneLINK is a communication protocol used by the Cobham Company in the United Kingdom for satellite communication systems. It supports SAILOR devices in connected networks and provides remote diagnostics. Cobham thraneLINK has a remote code execution vulnerability. Failed exploit attempts will likely cause denial-of-service conditions.

Trust: 3.15

sources: NVD: CVE-2014-0328 // CERT/CC: VU#179732 // JVNDB: JVNDB-2014-003712 // CNVD: CNVD-2014-04953 // BID: 69153

IOT TAXONOMY

category: ['Network device'] | sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-04953

AFFECTED PRODUCTS

vendor: cobham plc | model: - | scope: - | version: -

Trust: 1.6

vendor: cobham | model: sailor 6300 mf / hf | scope: eq | version: -

Trust: 1.6

vendor: cobham | model: sailor 6006 message terminal | scope: eq | version: -

Trust: 1.6

vendor: cobham | model: ailor 6110 mini-c gmdss | scope: eq | version: -

Trust: 1.6

vendor: cobham | model: sailor 6222 vhf | scope: eq | version: -

Trust: 1.6

vendor: cobham plc | model: sailor 6006 message terminal | scope: - | version: -

Trust: 0.8

vendor: cobham plc | model: sailor 6110 mini-c gmdss | scope: - | version: -

Trust: 0.8

vendor: cobham plc | model: sailor 6222 vhf | scope: - | version: -

Trust: 0.8

vendor: cobham plc | model: sailor 6300 mf/hf | scope: - | version: -

Trust: 0.8

vendor: cobham | model: thranelink | scope: - | version: -

Trust: 0.6

vendor: cobham | model: plc thranelink | scope: eq | version: 0

Trust: 0.3

sources: CERT/CC: VU#179732 // CNVD: CNVD-2014-04953 // BID: 69153 // JVNDB: JVNDB-2014-003712 // CNNVD: CNNVD-201408-141 // NVD: CVE-2014-0328

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-0328
value: HIGH

Trust: 1.0

NVD: CVE-2014-0328
value: HIGH

Trust: 0.8

IPA: JVNDB-2014-003712
value: HIGH

Trust: 0.8

CNVD: CNVD-2014-04953
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201408-141
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2014-0328
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: CVE-2014-0328
severity: HIGH
baseScore: 9.3
vectorString: NONE
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

IPA: JVNDB-2014-003712
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2014-04953
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CERT/CC: VU#179732 // CNVD: CNVD-2014-04953 // JVNDB: JVNDB-2014-003712 // CNNVD: CNNVD-201408-141 // NVD: CVE-2014-0328

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2014-003712 // NVD: CVE-2014-0328

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201408-141

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201408-141

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-003712

PATCH

title: SAILOR 6000 Series | url: http://thrane.sailor6000series.com/

Trust: 0.8

sources: JVNDB: JVNDB-2014-003712

EXTERNAL IDS

db: CERT/CC | id: VU#179732

Trust: 3.5

db: NVD | id: CVE-2014-0328

Trust: 3.3

db: BID | id: 69153

Trust: 1.5

db: JVN | id: JVNVU99941229

Trust: 0.8

db: JVNDB | id: JVNDB-2014-003712

Trust: 0.8

db: CNVD | id: CNVD-2014-04953

Trust: 0.6

db: CNNVD | id: CNNVD-201408-141

Trust: 0.6

sources: CERT/CC: VU#179732 // CNVD: CNVD-2014-04953 // BID: 69153 // JVNDB: JVNDB-2014-003712 // CNNVD: CNNVD-201408-141 // NVD: CVE-2014-0328

REFERENCES

url:http://www.kb.cert.org/vuls/id/179732

Trust: 2.7

url:http://www.securityfocus.com/bid/69153

Trust: 1.2

url:http://thrane.sailor6000series.com/

Trust: 0.8

url:http://esupport.thrane.com/index.php?_m=downloads&_a=downloadfile&downloaditemid=2130

Trust: 0.8

url:http://www.cobham.com/media/960477/sailor_6000_series_brochure.pdf

Trust: 0.8

url:http://cwe.mitre.org/data/definitions/347.html

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0328

Trust: 0.8

url:http://jvn.jp/vu/jvnvu99941229/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0328

Trust: 0.8

url:www.cobham.com

Trust: 0.3

sources: CERT/CC: VU#179732 // CNVD: CNVD-2014-04953 // BID: 69153 // JVNDB: JVNDB-2014-003712 // CNNVD: CNNVD-201408-141 // NVD: CVE-2014-0328

CREDITS

Ruben Santamarta

Trust: 0.9

sources: BID: 69153 // CNNVD: CNNVD-201408-141

SOURCES

db: CERT/CC | id: VU#179732
db: CNVD | id: CNVD-2014-04953
db: BID | id: 69153
db: JVNDB | id: JVNDB-2014-003712
db: CNNVD | id: CNNVD-201408-141
db: NVD | id: CVE-2014-0328

LAST UPDATE DATE

2025-04-13T23:23:53.336000+00:00


SOURCES UPDATE DATE

db: CERT/CC | id: VU#179732 | date: 2014-08-14T00:00:00
db: CNVD | id: CNVD-2014-04953 | date: 2014-08-13T00:00:00
db: BID | id: 69153 | date: 2014-08-07T00:00:00
db: JVNDB | id: JVNDB-2014-003712 | date: 2014-08-18T00:00:00
db: CNNVD | id: CNNVD-201408-141 | date: 2014-08-18T00:00:00
db: NVD | id: CVE-2014-0328 | date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: CERT/CC | id: VU#179732 | date: 2014-08-07T00:00:00
db: CNVD | id: CNVD-2014-04953 | date: 2014-08-13T00:00:00
db: BID | id: 69153 | date: 2014-08-07T00:00:00
db: JVNDB | id: JVNDB-2014-003712 | date: 2014-08-11T00:00:00
db: CNNVD | id: CNNVD-201408-141 | date: 2014-08-12T00:00:00
db: NVD | id: CVE-2014-0328 | date: 2014-08-15T11:15:42.903