Sign-up

ID

VAR-201409-0449


CVE

CVE-2014-2942


TITLE

Cobham Aviator satellite terminals contain multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#882207

DESCRIPTION

Cobham Aviator 700D and 700E satellite terminals use an improper algorithm for PIN codes, which makes it easier for attackers to obtain a privileged terminal session by calculating the superuser code, and then leveraging physical access or terminal access to enter this code. Cobham Aviator 700D and 700E satellite terminals contain multiple vulnerabilities. Cobham Aviator 700D and 700E are prone to a local information-disclosure vulnerability. An attacker with local access can exploit this issue to obtain sensitive information that may lead to further attacks

Trust: 3.15

sources: NVD: CVE-2014-2942 // CERT/CC: VU#882207 // JVNDB: JVNDB-2014-004370 // CNVD: CNVD-2014-06522 // BID: 69138

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-06522

AFFECTED PRODUCTS

vendor:cobhammodel:aviator 700dscope:eqversion: -

Trust: 1.6

vendor:cobhammodel:aviator 700escope:eqversion: -

Trust: 1.6

vendor:cobham plcmodel: - scope: - version: -

Trust: 0.8

vendor:cobham plcmodel:aviator 700dscope: - version: -

Trust: 0.8

vendor:cobham plcmodel:aviator 700escope: - version: -

Trust: 0.8

vendor:cobhammodel:aviator 700escope: - version: -

Trust: 0.6

vendor:cobhammodel:aviator 700dscope: - version: -

Trust: 0.6

sources: CERT/CC: VU#882207 // CNVD: CNVD-2014-06522 // JVNDB: JVNDB-2014-004370 // CNNVD: CNNVD-201409-778 // NVD: CVE-2014-2942

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-2942
value: HIGH

Trust: 1.0

NVD: CVE-2014-2942
value: HIGH

Trust: 0.8

CNVD: CNVD-2014-06522
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201409-778
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2014-2942
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-06522
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2014-06522 // JVNDB: JVNDB-2014-004370 // CNNVD: CNNVD-201409-778 // NVD: CVE-2014-2942

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.8

sources: JVNDB: JVNDB-2014-004370 // NVD: CVE-2014-2942

THREAT TYPE

local

Trust: 0.9

sources: BID: 69138 // CNNVD: CNNVD-201409-778

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201409-778

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-004370

PATCH
title:Aerospace and Security, SATCOM, Aeronautical:url:http://www.cobham.com/about-cobham/aerospace-and-security/about-us/satcom/product-range/aeronautical.aspx
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-004370

EXTERNAL IDS
db:NVDid:CVE-2014-2942
Trust: 3.3
db:CERT/CCid:VU#882207
Trust: 3.2
db:BIDid:69138
Trust: 0.9
db:JVNid:JVNVU97923152
Trust: 0.8
db:JVNDBid:JVNDB-2014-004370
Trust: 0.8
db:OSVDBid:111898
Trust: 0.6
db:CERT/CCid:VU#563225
Trust: 0.6
db:CNVDid:CNVD-2014-06522
Trust: 0.6
db:CNNVDid:CNNVD-201409-778
Trust: 0.6
sources:
            
            
            CERT/CC: VU#882207 // 
            
            
            
            CNVD: CNVD-2014-06522 // 
            
            
            
            BID: 69138 // 
            
            
            
            JVNDB: JVNDB-2014-004370 // 
            
            
            
            CNNVD: CNNVD-201409-778 // 
            
            
            
            NVD: CVE-2014-2942

REFERENCES
url:http://www.kb.cert.org/vuls/id/882207
Trust: 2.4
url:http://www.cobham.com/about-cobham/aerospace-and-security/about-us/satcom/product-range/aeronautical.aspx
Trust: 0.8
url:http://cwe.mitre.org/data/definitions/327.html
Trust: 0.8
url:http://cwe.mitre.org/data/definitions/798.html
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2942
Trust: 0.8
url:http://jvn.jp/vu/jvnvu97923152/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2942
Trust: 0.8
url:http://www.kb.cert.org/vuls/id/563225
Trust: 0.6
url:http://osvdb.com/show/osvdb/111898
Trust: 0.6
sources:
            
            
            CERT/CC: VU#882207 // 
            
            
            
            CNVD: CNVD-2014-06522 // 
            
            
            
            JVNDB: JVNDB-2014-004370 // 
            
            
            
            CNNVD: CNNVD-201409-778 // 
            
            
            
            NVD: CVE-2014-2942

CREDITS
Ruben Santamarta
Trust: 0.3
sources:
            
            
            BID: 69138

SOURCES
db:CERT/CCid:VU#882207
db:CNVDid:CNVD-2014-06522
db:BIDid:69138
db:JVNDBid:JVNDB-2014-004370
db:CNNVDid:CNNVD-201409-778
db:NVDid:CVE-2014-2942

LAST UPDATE DATE
2025-04-13T21:44:57.896000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#882207date:2014-09-18T00:00:00
db:CNVDid:CNVD-2014-06522date:2014-10-09T00:00:00
db:BIDid:69138date:2014-09-23T13:01:00
db:JVNDBid:JVNDB-2014-004370date:2014-09-25T00:00:00
db:CNNVDid:CNNVD-201409-778date:2014-09-28T00:00:00
db:NVDid:CVE-2014-2942date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:CERT/CCid:VU#882207date:2014-08-07T00:00:00
db:CNVDid:CNVD-2014-06522date:2014-09-27T00:00:00
db:BIDid:69138date:2014-08-08T00:00:00
db:JVNDBid:JVNDB-2014-004370date:2014-09-25T00:00:00
db:CNNVDid:CNNVD-201409-778date:2014-09-23T00:00:00
db:NVDid:CVE-2014-2942date:2014-09-22T10:55:05.803