Details of VAR-201408-0272

ID

VAR-201408-0272

CVE

CVE-2014-2964

TITLE

Cobham Aviator satellite terminals contain multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#882207

DESCRIPTION

Cobham Aviator 700D and 700E satellite terminals have hardcoded passwords for the (1) debug, (2) prod, (3) do160, and (4) flrp programs, which allows physically proximate attackers to gain privileges by sending a password over a serial line. Cobham Aviator 700D and 700E satellite terminals contain multiple vulnerabilities. Supplementary information : CWE Vulnerability type by CWE-798: Use of Hard-coded Credentials ( Using hard-coded credentials ) Has been identified. This may aid in further attacks

Trust: 3.24

sources: NVD: CVE-2014-2964 // CERT/CC: VU#882207 // JVNDB: JVNDB-2014-003824 // CNVD: CNVD-2014-05040 // BID: 69140 // VULMON: CVE-2014-2964

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-05040

AFFECTED PRODUCTS

vendor:	cobham	model:	aviator 700d	scope:	eq	version:	-	Trust: 1.6
vendor:	cobham	model:	aviator 700e	scope:	eq	version:	-	Trust: 1.6
vendor:	cobham plc	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	cobham plc	model:	aviator 700d	scope:	-	version:	-	Trust: 0.8
vendor:	cobham plc	model:	aviator 700e	scope:	-	version:	-	Trust: 0.8
vendor:	cobham	model:	aviator 700e	scope:	-	version:	-	Trust: 0.6
vendor:	cobham	model:	aviator 700d	scope:	-	version:	-	Trust: 0.6
vendor:	cobham	model:	plc aviator 700e	scope:	-	version:	-	Trust: 0.3
vendor:	cobham	model:	plc aviator 700d	scope:	-	version:	-	Trust: 0.3

sources: CERT/CC: VU#882207 // CNVD: CNVD-2014-05040 // BID: 69140 // JVNDB: JVNDB-2014-003824 // CNNVD: CNNVD-201408-148 // NVD: CVE-2014-2964

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-2964
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-2964
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2014-05040
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201408-148
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2014-2964
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-2964
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2014-05040
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2014-05040 // VULMON: CVE-2014-2964 // JVNDB: JVNDB-2014-003824 // CNNVD: CNNVD-201408-148 // NVD: CVE-2014-2964

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2014-003824 // NVD: CVE-2014-2964

THREAT TYPE

local

Trust: 0.9

sources: BID: 69140 // CNNVD: CNNVD-201408-148

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201408-148

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-003824

PATCH

title:

Aerospace and Security, SATCOM, Aeronautical:

url:

http://www.cobham.com/about-cobham/aerospace-and-security/about-us/satcom/product-range/aeronautical.aspx

Trust: 0.8

sources: JVNDB: JVNDB-2014-003824

EXTERNAL IDS

db:	CERT/CC	id:	VU#882207	Trust: 4.2
db:	NVD	id:	CVE-2014-2964	Trust: 3.4
db:	BID	id:	69140	Trust: 1.5
db:	JVN	id:	JVNVU97923152	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-003824	Trust: 0.8
db:	CNVD	id:	CNVD-2014-05040	Trust: 0.6
db:	CNNVD	id:	CNNVD-201408-148	Trust: 0.6
db:	VULMON	id:	CVE-2014-2964	Trust: 0.1

sources: CERT/CC: VU#882207 // CNVD: CNVD-2014-05040 // VULMON: CVE-2014-2964 // BID: 69140 // JVNDB: JVNDB-2014-003824 // CNNVD: CNNVD-201408-148 // NVD: CVE-2014-2964

REFERENCES

url:	http://www.kb.cert.org/vuls/id/882207	Trust: 3.5
url:	http://www.cobham.com/about-cobham/aerospace-and-security/about-us/satcom/product-range/aeronautical.aspx	Trust: 1.1
url:	http://cwe.mitre.org/data/definitions/327.html	Trust: 0.8
url:	http://cwe.mitre.org/data/definitions/798.html	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2964	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu97923152/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2964	Trust: 0.8
url:	http://www.securityfocus.com/bid/69140	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CERT/CC: VU#882207 // CNVD: CNVD-2014-05040 // VULMON: CVE-2014-2964 // BID: 69140 // JVNDB: JVNDB-2014-003824 // CNNVD: CNNVD-201408-148 // NVD: CVE-2014-2964

CREDITS

Ruben Santamarta

Trust: 0.9

sources: BID: 69140 // CNNVD: CNNVD-201408-148

SOURCES

db:	CERT/CC	id:	VU#882207
db:	CNVD	id:	CNVD-2014-05040
db:	VULMON	id:	CVE-2014-2964
db:	BID	id:	69140
db:	JVNDB	id:	JVNDB-2014-003824
db:	CNNVD	id:	CNNVD-201408-148
db:	NVD	id:	CVE-2014-2964

LAST UPDATE DATE

2025-04-13T20:05:36.558000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#882207	date:	2014-09-18T00:00:00
db:	CNVD	id:	CNVD-2014-05040	date:	2014-08-15T00:00:00
db:	VULMON	id:	CVE-2014-2964	date:	2014-08-15T00:00:00
db:	BID	id:	69140	date:	2014-08-07T00:00:00
db:	JVNDB	id:	JVNDB-2014-003824	date:	2014-08-18T00:00:00
db:	CNNVD	id:	CNNVD-201408-148	date:	2014-08-18T00:00:00
db:	NVD	id:	CVE-2014-2964	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#882207	date:	2014-08-07T00:00:00
db:	CNVD	id:	CNVD-2014-05040	date:	2014-08-15T00:00:00
db:	VULMON	id:	CVE-2014-2964	date:	2014-08-15T00:00:00
db:	BID	id:	69140	date:	2014-08-07T00:00:00
db:	JVNDB	id:	JVNDB-2014-003824	date:	2014-08-18T00:00:00
db:	CNNVD	id:	CNNVD-201408-148	date:	2014-08-12T00:00:00
db:	NVD	id:	CVE-2014-2964	date:	2014-08-15T11:15:43.090