Details of VAR-201807-0129

ID

VAR-201807-0129

CVE

CVE-2016-9497

TITLE

Hughes satellite modems contain multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#614751

DESCRIPTION

Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, is vulnerable to an authentication bypass using an alternate path or channel. By default, port 1953 is accessible via telnet and does not require authentication. An unauthenticated remote user can access many administrative commands via this interface, including rebooting the modem. Hughes Network Systems, LLC Multiple broadband satellite modems offered by are vulnerable to the following multiple vulnerabilities: * Incorrect input value validation (CWE-20) - CVE-2016-9494 * Problems with hard-coded credentials (CWE-798) - CVE-2016-9495 * The problem of lack of authentication for important functions (CWE-306) - CVE-2016-9496 * Avoiding authentication through another channel or path (CWE-288) - CVE-2016-9497Denial of service operation of the device by a remote third party (DoS) An attack could be performed, the device could be restarted, or an arbitrary command could be executed on the device. Multiple Hughes Satellite Modems are prone to the following security vulnerabilities: 1. Multiple denial-of-service vulnerabilities 2. A hard-coded credentials vulnerability 3. An authentication bypass vulnerability An attacker can exploit these issues to gain access to bypass certain security restrictions and obtain potentially sensitive information, perform unauthorized actions, or cause denial-of-service condition on the affected device. Other attacks are also possible. The following products are vulnerable: HN7740S DW7000 HN7000S/SM. Hughes satellite is a set of solutions for satellite broadband services from Hughes Corporation of the United States. HN7740S, DW7000 and HN7000S/SM are the modems used in it. The following products and versions are affected: Hughes HN7740S with firmware version 6.9.0.34; DW7000 with firmware version 6.9.0.34; HN7000S/SM with firmware version 6.9.0.34

Trust: 2.7

sources: NVD: CVE-2016-9497 // CERT/CC: VU#614751 // JVNDB: JVNDB-2016-008414 // BID: 96244 // VULHUB: VHN-98317

AFFECTED PRODUCTS

vendor:	hughes	model:	hn7000sm	scope:	eq	version:	6.9.0.34	Trust: 1.6
vendor:	hughes	model:	dw7000	scope:	eq	version:	6.9.0.34	Trust: 1.6
vendor:	hughes	model:	hn7000s	scope:	eq	version:	6.9.0.34	Trust: 1.6
vendor:	hughes	model:	hn7740s	scope:	eq	version:	6.9.0.34	Trust: 1.6
vendor:	hughes network	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	kontron s t	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	hughes network	model:	dw7000	scope:	-	version:	-	Trust: 0.8
vendor:	hughes network	model:	hn7000s/sm	scope:	-	version:	-	Trust: 0.8
vendor:	hughes network	model:	hn7740s	scope:	-	version:	-	Trust: 0.8
vendor:	hughes	model:	hn7740s	scope:	eq	version:	0	Trust: 0.3
vendor:	hughes	model:	hn7000s/sm	scope:	eq	version:	0	Trust: 0.3
vendor:	hughes	model:	dw7000	scope:	eq	version:	0	Trust: 0.3
vendor:	hughes	model:	hn7740s	scope:	ne	version:	6.9.0.34	Trust: 0.3
vendor:	hughes	model:	hn7000s/sm	scope:	ne	version:	6.9.0.34	Trust: 0.3
vendor:	hughes	model:	dw7000	scope:	ne	version:	6.9.0.34	Trust: 0.3

sources: CERT/CC: VU#614751 // BID: 96244 // JVNDB: JVNDB-2016-008414 // NVD: CVE-2016-9497 // CNNVD: CNNVD-201702-608

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2016-9497
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-201702-608
value:	HIGH
Trust: 0.6
VULHUB:	VHN-98317
value:	HIGH
Trust: 0.1

NVD:
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
VULHUB:	VHN-98317
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

NVD:
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT_NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-98317 // NVD: CVE-2016-9497 // CNNVD: CNNVD-201702-608

PROBLEMTYPE DATA

problemtype:	CWE-287	Trust: 1.1
problemtype:	CWE-798	Trust: 0.8
problemtype:	CWE-306	Trust: 0.8
problemtype:	CWE-288	Trust: 0.8
problemtype:	CWE-20	Trust: 0.8

sources: VULHUB: VHN-98317 // JVNDB: JVNDB-2016-008414 // NVD: CVE-2016-9497

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201702-608

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201702-608

CONFIGURATIONS

sources: NVD: CVE-2016-9497

PATCH

title:	Broadband Satellite Modems, Routers, and Appliances	url:	https://www.hughes.com/technologies/broadband-satellite-systems/hn-systems	Trust: 0.8
title:	Multiple Hughes satellite modems Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=68207	Trust: 0.6

sources: JVNDB: JVNDB-2016-008414 // CNNVD: CNNVD-201702-608

EXTERNAL IDS

db:	CERT/CC	id:	VU#614751	Trust: 3.6
db:	NVD	id:	CVE-2016-9497	Trust: 2.8
db:	BID	id:	96244	Trust: 2.0
db:	JVN	id:	JVNVU93522863	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-008414	Trust: 0.8
db:	CNNVD	id:	CNNVD-201702-608	Trust: 0.7
db:	VULHUB	id:	VHN-98317	Trust: 0.1

sources: CERT/CC: VU#614751 // VULHUB: VHN-98317 // BID: 96244 // JVNDB: JVNDB-2016-008414 // NVD: CVE-2016-9497 // CNNVD: CNNVD-201702-608

REFERENCES

url:	https://www.kb.cert.org/vuls/id/614751	Trust: 2.5
url:	https://www.securityfocus.com/bid/96244	Trust: 1.7
url:	about vulnerability notes	Trust: 0.8
url:	contact us about this vulnerability	Trust: 0.8
url:	provide a vendor statement	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9495	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9496	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9497	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9494	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu93522863/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2016-9497	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2016-9494	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2016-9495	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2016-9496	Trust: 0.8
url:	http://www.hughes.com	Trust: 0.3
url:	http://www.kb.cert.org/vuls/id/614751	Trust: 0.3

sources: CERT/CC: VU#614751 // VULHUB: VHN-98317 // BID: 96244 // JVNDB: JVNDB-2016-008414 // NVD: CVE-2016-9497 // CNNVD: CNNVD-201702-608

CREDITS

anonymous

Trust: 0.3

sources: BID: 96244

SOURCES

db:	CERT/CC	id:	VU#614751
db:	VULHUB	id:	VHN-98317
db:	BID	id:	96244
db:	JVNDB	id:	JVNDB-2016-008414
db:	NVD	id:	CVE-2016-9497
db:	CNNVD	id:	CNNVD-201702-608

LAST UPDATE DATE

2023-12-18T12:50:39.330000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#614751	date:	2018-02-27T00:00:00
db:	VULHUB	id:	VHN-98317	date:	2019-10-09T00:00:00
db:	BID	id:	96244	date:	2017-03-07T04:02:00
db:	JVNDB	id:	JVNDB-2016-008414	date:	2017-05-17T00:00:00
db:	NVD	id:	CVE-2016-9497	date:	2019-10-09T23:20:32.837
db:	CNNVD	id:	CNNVD-201702-608	date:	2019-10-17T00:00:00

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#614751	date:	2017-02-15T00:00:00
db:	VULHUB	id:	VHN-98317	date:	2018-07-13T00:00:00
db:	BID	id:	96244	date:	2017-02-15T00:00:00
db:	JVNDB	id:	JVNDB-2016-008414	date:	2017-05-17T00:00:00
db:	NVD	id:	CVE-2016-9497	date:	2018-07-13T20:29:01.910
db:	CNNVD	id:	CNNVD-201702-608	date:	2017-02-20T00:00:00