ID

VAR-201408-0277


CVE

CVE-2014-2940


TITLE

Cobham Sailor Satellite Terminals Security Bypass Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2014-04962 // CNNVD: CNNVD-201408-147

DESCRIPTION

Cobham Sailor 900 and 6000 satellite terminals with firmware 1.08 MFHF and 2.11 VHF have hardcoded credentials for the administrator account, which allows attackers to obtain administrative control by leveraging physical access or terminal access. Cobham Sailor 900 and 6000 series satellite terminals contain hardcoded credentials. CWE-798: Use of Hard-coded Credentials https://cwe.mitre.org/data/definitions/798.html A remote attacker could control the device. An attacker could exploit the vulnerability to bypass the authentication mechanism and gain access to the affected device. Cobham Sailor firmware version 1.08 MFHF / 2.11 VHF is vulnerable; other versions are also affected.

Trust: 3.24

sources: NVD: CVE-2014-2940 // CERT/CC: VU#460687 // JVNDB: JVNDB-2014-003713 // CNVD: CNVD-2014-04962 // BID: 69141 // VULHUB: VHN-70879

IOT TAXONOMY

category: ['Network device'] // sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-04962

AFFECTED PRODUCTS

vendor: cobham // model: sailor 900 // scope: eq // version: 2.11_vhf

Trust: 1.6

vendor: cobham // model: sailor 900 // scope: eq // version: 1.08_mfhf

Trust: 1.6

vendor: cobham // model: sailor 6000 series // scope: eq // version: 1.08_mfhf

Trust: 1.6

vendor: cobham // model: sailor 6000 series // scope: eq // version: 2.11_vhf

Trust: 1.6

vendor: cobham plc // model: - // scope: - // version: -

Trust: 0.8

vendor: cobham plc // model: sailor 6000 series // scope: eq // version: 1.08 mfhf

Trust: 0.8

vendor: cobham plc // model: sailor 6000 series // scope: eq // version: 2.11 vhf

Trust: 0.8

vendor: cobham plc // model: sailor 6006 message terminal // scope: - // version: -

Trust: 0.8

vendor: cobham plc // model: sailor 6110 mini-c gmdss // scope: - // version: -

Trust: 0.8

vendor: cobham plc // model: sailor 6222 vhf // scope: - // version: -

Trust: 0.8

vendor: cobham plc // model: sailor 6300 mf/hf // scope: - // version: -

Trust: 0.8

vendor: cobham plc // model: sailor 900 vsat // scope: - // version: -

Trust: 0.8

vendor: cobham plc // model: sailor 900 // scope: eq // version: 1.08 mfhf

Trust: 0.8

vendor: cobham plc // model: sailor 900 // scope: eq // version: 2.11 vhf

Trust: 0.8

vendor: cobham // model: sailor satellite terminals mfhf vhf // scope: eq // version: 1.08/2.11

Trust: 0.6

vendor: cobham // model: plc sailor series mfhf vhf // scope: eq // version: 9001.08/2.11

Trust: 0.3

vendor: cobham // model: plc sailor series mfhf vhf // scope: eq // version: 60001.08/2.11

Trust: 0.3

sources: CERT/CC: VU#460687 // CNVD: CNVD-2014-04962 // BID: 69141 // JVNDB: JVNDB-2014-003713 // CNNVD: CNNVD-201408-147 // NVD: CVE-2014-2940

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-2940
value: HIGH

Trust: 1.0

NVD: CVE-2014-2940
value: HIGH

Trust: 0.8

IPA: JVNDB-2014-003713
value: HIGH

Trust: 0.8

CNVD: CNVD-2014-04962
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201408-147
value: CRITICAL

Trust: 0.6

VULHUB: VHN-70879
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-2940
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: CVE-2014-2940
severity: HIGH
baseScore: 10.0
vectorString: NONE
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

IPA: JVNDB-2014-003713
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2014-04962
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-70879
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#460687 // CNVD: CNVD-2014-04962 // VULHUB: VHN-70879 // JVNDB: JVNDB-2014-003713 // CNNVD: CNNVD-201408-147 // NVD: CVE-2014-2940

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

problemtype: CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2014-003713 // NVD: CVE-2014-2940

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201408-147

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201408-147

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-003713

EXPLOIT AVAILABILITY

sources: CERT/CC: VU#460687

PATCH

title: Aerospace and Security, SATCOM, Inmarsat FleetBroadband // url: http://www.cobham.com/about-cobham/aerospace-and-security/about-us/satcom/satellite-communication-at-sea/products-and-services/inmarsat-fleetbroadband.aspx

Trust: 0.8

sources: JVNDB: JVNDB-2014-003713

EXTERNAL IDS

db: CERT/CC // id: VU#460687

Trust: 3.6

db: NVD // id: CVE-2014-2940

Trust: 3.4

db: BID // id: 69141

Trust: 1.6

db: JVN // id: JVNVU95202843

Trust: 0.8

db: JVNDB // id: JVNDB-2014-003713

Trust: 0.8

db: CNNVD // id: CNNVD-201408-147

Trust: 0.7

db: CNVD // id: CNVD-2014-04962

Trust: 0.6

db: VULHUB // id: VHN-70879

Trust: 0.1

sources: CERT/CC: VU#460687 // CNVD: CNVD-2014-04962 // VULHUB: VHN-70879 // BID: 69141 // JVNDB: JVNDB-2014-003713 // CNNVD: CNNVD-201408-147 // NVD: CVE-2014-2940

REFERENCES

url:http://www.kb.cert.org/vuls/id/460687

Trust: 2.8

url:http://www.securityfocus.com/bid/69141

Trust: 1.2

url:http://www.cobham.com/about-cobham/aerospace-and-security/about-us/satcom/satellite-communication-at-sea/products-and-services/inmarsat-fleetbroadband.aspx

Trust: 1.1

url:http://cwe.mitre.org/data/definitions/798.html

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2940

Trust: 0.8

url:http://jvn.jp/vu/jvnvu95202843/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2940

Trust: 0.8

sources: CERT/CC: VU#460687 // CNVD: CNVD-2014-04962 // VULHUB: VHN-70879 // BID: 69141 // JVNDB: JVNDB-2014-003713 // CNNVD: CNNVD-201408-147 // NVD: CVE-2014-2940

CREDITS

Ruben Santamarta

Trust: 0.9

sources: BID: 69141 // CNNVD: CNNVD-201408-147

SOURCES

db: CERT/CC // id: VU#460687
db: CNVD // id: CNVD-2014-04962
db: VULHUB // id: VHN-70879
db: BID // id: 69141
db: JVNDB // id: JVNDB-2014-003713
db: CNNVD // id: CNNVD-201408-147
db: NVD // id: CVE-2014-2940

LAST UPDATE DATE

2025-04-13T23:21:25.330000+00:00


SOURCES UPDATE DATE

db: CERT/CC // id: VU#460687 // date: 2014-08-14T00:00:00
db: CNVD // id: CNVD-2014-04962 // date: 2014-08-13T00:00:00
db: VULHUB // id: VHN-70879 // date: 2014-08-15T00:00:00
db: BID // id: 69141 // date: 2014-08-07T00:00:00
db: JVNDB // id: JVNDB-2014-003713 // date: 2014-08-18T00:00:00
db: CNNVD // id: CNNVD-201408-147 // date: 2014-09-02T00:00:00
db: NVD // id: CVE-2014-2940 // date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: CERT/CC // id: VU#460687 // date: 2014-08-07T00:00:00
db: CNVD // id: CNVD-2014-04962 // date: 2014-08-13T00:00:00
db: VULHUB // id: VHN-70879 // date: 2014-08-15T00:00:00
db: BID // id: 69141 // date: 2014-08-07T00:00:00
db: JVNDB // id: JVNDB-2014-003713 // date: 2014-08-11T00:00:00
db: CNNVD // id: CNNVD-201408-147 // date: 2014-08-12T00:00:00
db: NVD // id: CVE-2014-2940 // date: 2014-08-15T11:15:42.950