Sign-up

ID

VAR-201910-0317


CVE

CVE-2019-9531


TITLE

Multiple vulnerabilities found in the Cobham EXPLORER 710 satcom terminal

Trust: 0.8

sources: CERT/CC: VU#719689

DESCRIPTION

The web application portal of the Cobham EXPLORER 710, firmware version 1.07, allows unauthenticated access to port 5454. This could allow an unauthenticated, remote attacker to connect to this port via Telnet and execute 86 Attention (AT) commands, including some that provide unauthenticated, shell-like access to the device. CERT/CC researchers examined the satcom terminal Cobham EXPLORER 710 as an expansion of work from IOActive’s findings in 2014. Cobham EXPLORER 710 is a portable satellite communications terminal used for satellite communications and Internet access. Cobham EXPLORER 710 The following multiple vulnerabilities exist in. CVE-2019-9529 Of the product Web The interface does not require authentication in its default state. Therefore, an attacker within the local network can Web The portal may be accessed and settings may be changed. CVE-2019-9530 There are no access restrictions on the document root directory of the product. Therefore, arbitrary files may be accessed by an attacker within the local network. CVE-2019-9532 Of the product Web The interface sends the password for login in clear text. Therefore, password information may be stolen by an attacker within the local network. CVE-2019-9533 Firmware of the product v1.08 and all previous versions, the same root A password is used. By analyzing any applicable version of the firmware, an attacker can root It is possible to steal passwords. CVE-2019-9534 This product does not perform firmware image verification. Additionally, a development script left in the firmware allows you to upload and run a custom firmware image. Therefore, attackers within the local network can install tampered firmware, modify or steal communication content, install backdoors, and disrupt service operations. (DoS) Attacks may occur. In addition CERT/CC According to WiFi Because the password is set as HTTP It lacks headers and is also vulnerable to cross-site scripting and clickjacking attacks. These vulnerabilities are 2014 carried out in IOActive ’ s findings As a series of studies on CERT/CC newly discovered by researchers.The potential impact will vary for each vulnerability, but you may be affected by: * Leakage or falsification of information - CVE-2019-9529 , CVE-2019-9530 , CVE-2019-9531 , CVE-2019-9532 , CVE-2019-9533 , CVE-2019-9534* Execute arbitrary command - CVE-2019-9531* Service operation interruption (DoS) - CVE-2019-9534

Trust: 3.06

sources: NVD: CVE-2019-9531 // CERT/CC: VU#719689 // JVNDB: JVNDB-2019-010367 // CNVD: CNVD-2019-35793 // IVD: 749ad358-983d-4df2-aba6-cd92baa86f78

IOT TAXONOMY

category:['IoT', 'ICS']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: 749ad358-983d-4df2-aba6-cd92baa86f78 // CNVD: CNVD-2019-35793

AFFECTED PRODUCTS

vendor:cobhammodel:explorer 710scope:eqversion:1.07

Trust: 1.6

vendor:cobham plcmodel: - scope: - version: -

Trust: 0.8

vendor:cobham plcmodel:explorer 710scope:eqversion: -

Trust: 0.8

vendor:cobham plcmodel:explorer 710scope:eqversion:cobham explorer 710 firmware 1.07

Trust: 0.8

vendor:cobham plcmodel:explorer 710scope:lteversion:cobham explorer 710 firmware 1.08 and earlier

Trust: 0.8

vendor:cobhammodel:plc explorerscope:eqversion:7101.07

Trust: 0.6

vendor:cobhammodel:explorer 710scope:eqversion: -

Trust: 0.6

vendor:explorer 710model: - scope:eqversion:1.07

Trust: 0.2

sources: IVD: 749ad358-983d-4df2-aba6-cd92baa86f78 // CERT/CC: VU#719689 // CNVD: CNVD-2019-35793 // JVNDB: JVNDB-2019-010367 // CNNVD: CNNVD-201910-704 // NVD: CVE-2019-9531

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-9531
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-9531
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-35793
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201910-704
value: CRITICAL

Trust: 0.6

IVD: 749ad358-983d-4df2-aba6-cd92baa86f78
value: CRITICAL

Trust: 0.2

nvd@nist.gov: CVE-2019-9531
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-35793
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 749ad358-983d-4df2-aba6-cd92baa86f78
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2019-9531
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-9531
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 749ad358-983d-4df2-aba6-cd92baa86f78 // CNVD: CNVD-2019-35793 // JVNDB: JVNDB-2019-010367 // CNNVD: CNNVD-201910-704 // NVD: CVE-2019-9531

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.0

problemtype:CWE-287

Trust: 1.0

problemtype:Lack of authentication for critical features (CWE-306) [NVD evaluation ]

Trust: 0.8

problemtype: others (CWE-Other) [NVD evaluation ]

Trust: 0.8

problemtype: Inappropriate authentication (CWE-287) [NVD evaluation ]

Trust: 0.8

problemtype: Sending important information in clear text (CWE-319) [NVD evaluation ]

Trust: 0.8

problemtype: Use hard-coded credentials (CWE-798) [NVD evaluation ]

Trust: 0.8

problemtype: Incomplete integrity verification of downloaded code (CWE-494) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2019-010367 // NVD: CVE-2019-9531

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-704

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201910-704

PATCH

title:Ultra-Portable BGAN EXPLORER 710url:https://www.cobham.com/communications-and-connectivity/satcom/land-mobile-satcom-systems/ultra-portable-bgan/explorer-710/

Trust: 0.8

title:Patch for Cobham plc EXPLORER 710 has an unknown vulnerability (CNVD-2019-35793)url:https://www.cnvd.org.cn/patchInfo/show/185633

Trust: 0.6

title:Cobham plc EXPLORER 710 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99314

Trust: 0.6

sources: CNVD: CNVD-2019-35793 // JVNDB: JVNDB-2019-010367 // CNNVD: CNNVD-201910-704

EXTERNAL IDS

db:NVDid:CVE-2019-9531

Trust: 4.0

db:CERT/CCid:VU#719689

Trust: 3.2

db:CNVDid:CNVD-2019-35793

Trust: 0.8

db:CNNVDid:CNNVD-201910-704

Trust: 0.8

db:JVNid:JVNVU98031944

Trust: 0.8

db:JVNDBid:JVNDB-2019-010367

Trust: 0.8

db:IVDid:749AD358-983D-4DF2-ABA6-CD92BAA86F78

Trust: 0.2

sources: IVD: 749ad358-983d-4df2-aba6-cd92baa86f78 // CERT/CC: VU#719689 // CNVD: CNVD-2019-35793 // JVNDB: JVNDB-2019-010367 // CNNVD: CNNVD-201910-704 // NVD: CVE-2019-9531

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2019-9531

Trust: 2.0

url:https://ioactive.com/pdfs/ioactive_satcom_security_whitepaper.pdf

Trust: 1.6

url:https://www.owasp.org/index.php/clickjacking

Trust: 1.6

url:https://www.owasp.org/index.php/content_security_policy

Trust: 1.6

url:https://kb.cert.org/vuls/id/719689/

Trust: 1.6

url:https://www.cobham.com/communications-and-connectivity/satcom/land-mobile-satcomsystems/ultra-portable-bgan/explorer-710/

Trust: 0.8

url:https://jvn.jp/vu/jvnvu98031944/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-9529

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-9530

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-9532

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-9533

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-9534

Trust: 0.8

url:https://www.kb.cert.org/vuls/id/719689/

Trust: 0.8

sources: CERT/CC: VU#719689 // CNVD: CNVD-2019-35793 // JVNDB: JVNDB-2019-010367 // CNNVD: CNNVD-201910-704 // NVD: CVE-2019-9531

SOURCES

db:IVDid:749ad358-983d-4df2-aba6-cd92baa86f78
db:CERT/CCid:VU#719689
db:CNVDid:CNVD-2019-35793
db:JVNDBid:JVNDB-2019-010367
db:CNNVDid:CNNVD-201910-704
db:NVDid:CVE-2019-9531

LAST UPDATE DATE

2024-11-23T21:51:57.079000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#719689date:2019-10-11T00:00:00
db:CNVDid:CNVD-2019-35793date:2019-10-18T00:00:00
db:JVNDBid:JVNDB-2019-010367date:2024-03-05T08:16:00
db:CNNVDid:CNNVD-201910-704date:2019-11-05T00:00:00
db:NVDid:CVE-2019-9531date:2024-11-21T04:51:47.993

SOURCES RELEASE DATE

db:IVDid:749ad358-983d-4df2-aba6-cd92baa86f78date:2019-10-18T00:00:00
db:CERT/CCid:VU#719689date:2019-10-09T00:00:00
db:CNVDid:CNVD-2019-35793date:2019-10-18T00:00:00
db:JVNDBid:JVNDB-2019-010367date:2019-10-11T00:00:00
db:CNNVDid:CNNVD-201910-704date:2019-10-10T00:00:00
db:NVDid:CVE-2019-9531date:2019-10-10T20:15:11.333