Lucene search

CertccCVE-2014-0328

HistoryAug 15, 2014 - 11:15 a.m.

CVE-2014-0328

2014-08-1511:15:42

certcc

web.nvd.nist.gov

cve-2014-0328

cobham devices

thranelink protocol

firmware signatures

remote code execution

snmp

tftp

nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.7

Confidence

Low

EPSS

0.004

Percentile

72.9%

JSON

The thraneLINK protocol implementation on Cobham devices does not verify firmware signatures, which allows attackers to execute arbitrary code by leveraging physical access or terminal access to send an SNMP request and a TFTP response.

Affected configurations

Nvd

Node

cobhamailor_6110_mini-c_gmdssMatch-

cobhamsailor_6006_message_terminalMatch-

cobhamsailor_6222_vhfMatch-

cobhamsailor_6300_mf_\/_hfMatch-

VendorProductVersionCPE
cobhamailor_6110_mini-c_gmdss-cpe:2.3:h:cobham:ailor_6110_mini-c_gmdss:-:*:*:*:*:*:*:*
cobhamsailor_6006_message_terminal-cpe:2.3:h:cobham:sailor_6006_message_terminal:-:*:*:*:*:*:*:*
cobhamsailor_6222_vhf-cpe:2.3:h:cobham:sailor_6222_vhf:-:*:*:*:*:*:*:*
cobhamsailor_6300_mf_\/_hf-cpe:2.3:h:cobham:sailor_6300_mf_\/_hf:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cobham	ailor_6110_mini-c_gmdss	-	cpe:2.3:h:cobham:ailor_6110_mini-c_gmdss:-:::::::*
cobham	sailor_6006_message_terminal	-	cpe:2.3:h:cobham:sailor_6006_message_terminal:-:::::::*
cobham	sailor_6222_vhf	-	cpe:2.3:h:cobham:sailor_6222_vhf:-:::::::*
cobham	sailor_6300_mf_\/_hf	-	cpe:2.3:h:cobham:sailor_6300_mf_\/_hf:-:::::::*

References

www.kb.cert.org/vuls/id/179732

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.7

Confidence

Low

EPSS

0.004

Percentile

72.9%

JSON

Related for CVE-2014-0328