Sign-up

ID

VAR-201408-0271


CVE

CVE-2014-2943


TITLE

Cobham Aviator satellite terminals contain multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#882207

DESCRIPTION

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2886, CVE-2014-2942. Reason: this ID was intended for one issue, but was assigned to two issues by a CNA. Notes: All CVE users should consult CVE-2014-2886 and CVE-2014-2942 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage. Cobham Sailor 6000 series satellite terminals contain hardcoded credentials for communicating via the Tbus 2 protocol. ** Delete ** This case CVE-2014-2942 It was removed because it was found to be duplicated.By calculating the code of the superuser, the attacker gains a privileged terminal session, and as a result, PIN Physical or terminal access may be used to enter the code

Trust: 3.06

sources: NVD: CVE-2014-2943 // CERT/CC: VU#882207 // CERT/CC: VU#269991 // JVNDB: JVNDB-2014-003823

AFFECTED PRODUCTS

vendor:cobham plcmodel: - scope: - version: -

Trust: 1.6

vendor:cobham plcmodel:aviator 700dscope: - version: -

Trust: 0.8

vendor:cobham plcmodel:aviator 700escope: - version: -

Trust: 0.8

vendor:cobhammodel:aviator 700dscope:eqversion: -

Trust: 0.6

vendor:cobhammodel:aviator 700escope:eqversion: -

Trust: 0.6

sources: CERT/CC: VU#882207 // CERT/CC: VU#269991 // JVNDB: JVNDB-2014-003823 // CNNVD: CNNVD-201407-336

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2014-2941
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201407-336
value: MEDIUM

Trust: 0.6

NVD: CVE-2014-2941
severity: HIGH
baseScore: 7.1
vectorString: NONE
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

sources: CERT/CC: VU#269991 // CNNVD: CNNVD-201407-336

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201407-336

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201407-336

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-003823

EXPLOIT AVAILABILITY
sources:
            
            
            CERT/CC: VU#269991

PATCH
title:Aerospace and Security, SATCOM, Aeronautical:url:http://www.cobham.com/about-cobham/aerospace-and-security/about-us/satcom/product-range/aeronautical.aspx
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-003823

EXTERNAL IDS
db:NVDid:CVE-2014-2943
Trust: 2.4
db:CERT/CCid:VU#269991
Trust: 1.6
db:CERT/CCid:VU#882207
Trust: 1.4
db:JVNid:JVNVU97923152
Trust: 0.8
db:JVNDBid:JVNDB-2014-003823
Trust: 0.8
db:BIDid:68427
Trust: 0.6
db:CNNVDid:CNNVD-201407-336
Trust: 0.6
sources:
            
            
            CERT/CC: VU#882207 // 
            
            
            
            CERT/CC: VU#269991 // 
            
            
            
            JVNDB: JVNDB-2014-003823 // 
            
            
            
            CNNVD: CNNVD-201407-336 // 
            
            
            
            NVD: CVE-2014-2943

REFERENCES
url:http://cwe.mitre.org/data/definitions/798.html
Trust: 1.6
url:http://www.cobham.com/about-cobham/aerospace-and-security/about-us/satcom/product-range/aeronautical.aspx
Trust: 0.8
url:http://cwe.mitre.org/data/definitions/327.html
Trust: 0.8
url:http://www.cobham.com/about-cobham/aerospace-and-security/about-us/satcom/satellite-communication-at-sea/products-and-services/inmarsat-fleetbroadband.aspx
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2943
Trust: 0.8
url:http://jvn.jp/vu/jvnvu97923152/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2943
Trust: 0.8
url:http://www.kb.cert.org/vuls/id/269991
Trust: 0.8
url:http://www.kb.cert.org/vuls/id/882207
Trust: 0.6
url:http://www.securityfocus.com/bid/68427
Trust: 0.6
sources:
            
            
            CERT/CC: VU#882207 // 
            
            
            
            CERT/CC: VU#269991 // 
            
            
            
            JVNDB: JVNDB-2014-003823 // 
            
            
            
            CNNVD: CNNVD-201407-336

CREDITS
Brandon Perry
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201407-336

SOURCES
db:CERT/CCid:VU#882207
db:CERT/CCid:VU#269991
db:JVNDBid:JVNDB-2014-003823
db:CNNVDid:CNNVD-201407-336
db:NVDid:CVE-2014-2943

LAST UPDATE DATE
2024-09-09T21:45:21.354000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#882207date:2014-09-18T00:00:00
db:CERT/CCid:VU#269991date:2014-08-14T00:00:00
db:JVNDBid:JVNDB-2014-003823date:2014-08-18T00:00:00
db:CNNVDid:CNNVD-201407-336date:2014-08-18T00:00:00
db:NVDid:CVE-2014-2943date:2023-11-07T02:19:40.113

SOURCES RELEASE DATE
db:CERT/CCid:VU#882207date:2014-08-07T00:00:00
db:CERT/CCid:VU#269991date:2014-08-07T00:00:00
db:JVNDBid:JVNDB-2014-003823date:2014-08-18T00:00:00
db:CNNVDid:CNNVD-201407-336date:2014-07-15T00:00:00
db:NVDid:CVE-2014-2943date:2014-08-15T11:15:43.043