7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.003 Low
EPSS
Percentile
65.9%
Cobham Aviator 700D and 700E satellite terminals contain multiple vulnerabilities.
Cobham Aviator 700D and 700E satellite communication terminals contain the following vulnerabilities:
CWE-327**:****Use of a Broken or Risky Cryptographic Algorithm -**CVE-2014-2942 (Please note that the CVE for this vulnerability has been changed from CVE-2014-2943 to CVE-2014-2942 due to a duplicate CVE identifier.)
IOActive reports that Cobham satellite terminals utilize a risky algorithm to generate a PIN code for accessing the terminal. The algorithm is reversible and allows a local attacker to generate a superuser PIN code.
CWE-798:Use of Hard-coded Credentials - CVE-2014-2964
IOActive reports that certain privileged commands in the the satellite terminals require a password to execute. The commands debug, prod
, do160
, and flrp
have hardcoded passwords. A local attacker may be able to gain unauthorized privileges using these commands.
The vendor Cobham has provided the following statement:
_Cobham SATCOM has found that potential exploitation of the vulnerabilities presented requires either physical access to the equipment or connectivity to the maintenance part of the network, which also requires a physical presence at the terminal. Specifically, in the aeronautical world, there are very strict requirements for equipment installation and physical access to the equipment is restricted to authorized personnel. _
_The described hardcoded credentials are only accessible via the maintenance port connector on the front-plate and will require direct access to the equipment via a serial port. The SDU is installed in the avionics bay of the aircraft, and is not accessible for unauthorized personnel. _
Cobham SATCOM will continue to evaluate any potential vulnerabilities with its equipment and implement increased security measures if required.
A local unauthenticated attacker may be able to gain full control of the satellite terminal.
The CERT/CC is currently unaware of a practical solution to this problem.
882207
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: January 14, 2014 Updated: July 28, 2014
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Group | Score | Vector |
---|---|---|
Base | 6.9 | AV:L/AC:M/Au:N/C:C/I:C/A:C |
Temporal | 6.2 | E:POC/RL:U/RC:C |
Environmental | 2.0 | CDP:H/TD:L/CR:ND/IR:ND/AR:ND |
Thanks to Ruben Santamarta for reporting this vulnerability.
This document was written by Chris King.
CVE IDs: | CVE-2014-2942, CVE-2014-2964 |
---|---|
Date Public: | 2014-08-07 Date First Published: |