CVE-2014-2964 - Cobham Aviator 700D and 700E satellite terminals have hardcoded passwords for the (1) debug, (2) pro

CVE Details

CVE-2014-2964

Summary

Cobham Aviator 700D and 700E satellite terminals have hardcoded passwords for the (1) debug, (2) prod, (3) do160, and (4) flrp programs, which allows physically proximate attackers to gain privileges by sending a password over a serial line.

References

http://www.kb.cert.org/vuls/id/882207

Vulnerable Configurations

cpe:2.3:h:cobham:aviator_700d:-:*:*:*:*:*:*:*
cpe:2.3:h:cobham:aviator_700d:-:*:*:*:*:*:*:*
cpe:2.3:h:cobham:aviator_700e:-:*:*:*:*:*:*:*
cpe:2.3:h:cobham:aviator_700e:-:*:*:*:*:*:*:*

CVSS

Base:	6.9 (as of 15-08-2014 - 17:38)
Impact:	10.0
Exploitability:	3.4

CWE

NVD-CWE-Other

CAPEC

Click the CAPEC title to display a description

Access

Vector	Complexity	Authentication
LOCAL	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:M/Au:N/C:C/I:C/A:C

refmap via4

cert-vn

VU#882207

Last major update

15-08-2014 - 17:38

Published

15-08-2014 - 11:15

Last modified

15-08-2014 - 17:38