33 vulnerabilities by Cobham plc
VAR-201408-0270
Vulnerability from variot - Updated: 2024-05-17 20:55
Cobham Sailor 6000 satellite terminals have hardcoded Tbus 2 credentials, which allows remote attackers to obtain access via a TBUS2 command. NOTE: the vendor reportedly states "there is no possibility to exploit another user's credentials." ** Unsettled ** This case has not been confirmed as a vulnerability. The Tbus 2 protocol is used for device maintenance. This vulnerability is a different problem from VU#460687. CWE-798: Use of Hard-coded Credentials https://cwe.mitre.org/data/definitions/798.html In addition, the vendor says that “There is no possibility of misusing other users' certificates”. A third party may send arbitrary Tbus 2 commands and operate the system. The Cobham Sailor 6000 Series has a security bypass vulnerability. An attacker could exploit the vulnerability to bypass the authentication mechanism and gain access to the affected device.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201408-0270",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sailor 6300 mf \\/ hf",
"scope": "eq",
"trust": 1.6,
"vendor": "cobham",
"version": null
},
{
"model": "sailor 6006 message terminal",
"scope": "eq",
"trust": 1.6,
"vendor": "cobham",
"version": null
},
{
"model": "ailor 6110 mini-c gmdss",
"scope": "eq",
"trust": 1.6,
"vendor": "cobham",
"version": null
},
{
"model": "sailor 6222 vhf",
"scope": "eq",
"trust": 1.6,
"vendor": "cobham",
"version": null
},
{
"model": "sailor 6006 message terminal",
"scope": null,
"trust": 0.8,
"vendor": "cobham plc",
"version": null
},
{
"model": "sailor 6110 mini-c gmdss",
"scope": null,
"trust": 0.8,
"vendor": "cobham plc",
"version": null
},
{
"model": "sailor 6222 vhf",
"scope": null,
"trust": 0.8,
"vendor": "cobham plc",
"version": null
},
{
"model": "sailor 6300 mf/hf",
"scope": null,
"trust": 0.8,
"vendor": "cobham plc",
"version": null
},
{
"model": "sailor series",
"scope": "eq",
"trust": 0.6,
"vendor": "cobham",
"version": "6000"
},
{
"model": "plc sailor series",
"scope": "eq",
"trust": 0.3,
"vendor": "cobham",
"version": "60000"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04963"
},
{
"db": "BID",
"id": "69139"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003714"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-149"
},
{
"db": "NVD",
"id": "CVE-2014-2941"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cobham:ailor_6110_mini-c_gmdss:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cobham:sailor_6006_message_terminal:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cobham:sailor_6222_vhf:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cobham:sailor_6300_mf_\\/_hf:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2941"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ruben Santamarta",
"sources": [
{
"db": "BID",
"id": "69139"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-149"
}
],
"trust": 0.9
},
"cve": "CVE-2014-2941",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:C/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.1,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2014-2941",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-04963",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-2941",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2014-04963",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201408-149",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04963"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003714"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-149"
},
{
"db": "NVD",
"id": "CVE-2014-2941"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cobham Sailor 6000 satellite terminals have hardcoded Tbus 2 credentials, which allows remote attackers to obtain access via a TBUS2 command. NOTE: the vendor reportedly states \"there is no possibility to exploit another user\u0027s credentials. ** Unsettled ** This case has not been confirmed as a vulnerability. Tbus 2 Protocol is the protocol used for device maintenance. The vulnerability is VU#460687 It is a different problem. CWE-798: Use of Hard-coded Credentials https://cwe.mitre.org/data/definitions/798.html In addition, the vendor says that \u201cThere is no possibility of misusing other users\u0027 certificates\u201d.Any by a third party Tbus 2 Commands may be sent and the system may be operated. The Cobham Sailor 6000 Series has a security bypass vulnerability. An attacker could exploit the vulnerability to bypass the authentication mechanism and gain access to the affected device",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2941"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003714"
},
{
"db": "CNVD",
"id": "CNVD-2014-04963"
},
{
"db": "BID",
"id": "69139"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-2941",
"trust": 3.3
},
{
"db": "CERT/CC",
"id": "VU#269991",
"trust": 2.7
},
{
"db": "BID",
"id": "69139",
"trust": 1.5
},
{
"db": "JVN",
"id": "JVNVU91780498",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003714",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2014-04963",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201408-149",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04963"
},
{
"db": "BID",
"id": "69139"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003714"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-149"
},
{
"db": "NVD",
"id": "CVE-2014-2941"
}
]
},
"id": "VAR-201408-0270",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04963"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04963"
}
]
},
"last_update_date": "2024-05-17T20:55:46.014000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Aerospace and Security, SATCOM, Inmarsat FleetBroadband:",
"trust": 0.8,
"url": "http://www.cobham.com/about-cobham/aerospace-and-security/about-us/satcom/satellite-communication-at-sea/products-and-services/inmarsat-fleetbroadband.aspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003714"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003714"
},
{
"db": "NVD",
"id": "CVE-2014-2941"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://www.kb.cert.org/vuls/id/269991"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/69139"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2941"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu91780498/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2941"
},
{
"trust": 0.3,
"url": "http://www.cobham.com/about-cobham/aerospace-and-security/about-us/satcom/satellite-communication-at-sea/products-and-services/inmarsat-fleetbroadband.aspx"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04963"
},
{
"db": "BID",
"id": "69139"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003714"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-149"
},
{
"db": "NVD",
"id": "CVE-2014-2941"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-04963"
},
{
"db": "BID",
"id": "69139"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003714"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-149"
},
{
"db": "NVD",
"id": "CVE-2014-2941"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-08-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04963"
},
{
"date": "2014-08-07T00:00:00",
"db": "BID",
"id": "69139"
},
{
"date": "2014-08-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003714"
},
{
"date": "2014-08-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201408-149"
},
{
"date": "2014-08-15T11:15:42.997000",
"db": "NVD",
"id": "CVE-2014-2941"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-08-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04963"
},
{
"date": "2014-08-07T00:00:00",
"db": "BID",
"id": "69139"
},
{
"date": "2015-11-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003714"
},
{
"date": "2014-08-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201408-149"
},
{
"date": "2024-05-17T00:59:11.123000",
"db": "NVD",
"id": "CVE-2014-2941"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201408-149"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cobham Sailor 6000 Authentication information is hard-coded in the satellite communication terminal of the series",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003714"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201408-149"
}
],
"trust": 0.6
}
}
VAR-201408-0271
Vulnerability from variot - Updated: 2024-04-19 22:11
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2886, CVE-2014-2942. Reason: this ID was intended for one issue, but was assigned to two issues by a CNA. Notes: All CVE users should consult CVE-2014-2886 and CVE-2014-2942 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage. Cobham Aviator 700D and 700E satellite terminals contain multiple vulnerabilities. ** Delete ** This case was removed because it was found to duplicate CVE-2014-2942. By calculating the superuser code and then using physical or terminal access to enter the PIN code, an attacker may gain a privileged terminal session.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201408-0271",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cobham plc",
"version": null
},
{
"model": "aviator 700d",
"scope": null,
"trust": 0.8,
"vendor": "cobham plc",
"version": null
},
{
"model": "aviator 700e",
"scope": null,
"trust": 0.8,
"vendor": "cobham plc",
"version": null
},
{
"model": "aviator 700d",
"scope": "eq",
"trust": 0.6,
"vendor": "cobham",
"version": null
},
{
"model": "aviator 700e",
"scope": "eq",
"trust": 0.6,
"vendor": "cobham",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#882207"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003823"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-336"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:cobham:aviator_700d",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cobham:aviator_700e",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003823"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Brandon Perry",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201407-336"
}
],
"trust": 0.6
},
"cve": "CVE-2014-2943",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [],
"severity": [
{
"author": "CNNVD",
"id": "CNNVD-201407-336",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201407-336"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2886, CVE-2014-2942. Reason: this ID was intended for one issue, but was assigned to two issues by a CNA. Notes: All CVE users should consult CVE-2014-2886 and CVE-2014-2942 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage. Cobham Aviator 700D and 700E satellite terminals contain multiple vulnerabilities. ** Delete ** This case CVE-2014-2942 It was removed because it was found to be duplicated.By calculating the code of the superuser, the attacker gains a privileged terminal session, and as a result, PIN Physical or terminal access may be used to enter the code",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2943"
},
{
"db": "CERT/CC",
"id": "VU#882207"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003823"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-2943",
"trust": 2.4
},
{
"db": "CERT/CC",
"id": "VU#882207",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVNVU97923152",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#269991",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003823",
"trust": 0.8
},
{
"db": "BID",
"id": "68427",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201407-336",
"trust": 0.6
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#882207"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003823"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-336"
},
{
"db": "NVD",
"id": "CVE-2014-2943"
}
]
},
"id": "VAR-201408-0271",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.43295455
},
"last_update_date": "2024-04-19T22:11:18.963000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Aerospace and Security, SATCOM, Aeronautical:",
"trust": 0.8,
"url": "http://www.cobham.com/about-cobham/aerospace-and-security/about-us/satcom/product-range/aeronautical.aspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003823"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.8,
"url": "http://www.cobham.com/about-cobham/aerospace-and-security/about-us/satcom/product-range/aeronautical.aspx"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/327.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2943"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu97923152/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2943"
},
{
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/269991"
},
{
"trust": 0.6,
"url": "http://www.kb.cert.org/vuls/id/882207"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/68427"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#882207"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003823"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-336"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#882207"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003823"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-336"
},
{
"db": "NVD",
"id": "CVE-2014-2943"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-08-07T00:00:00",
"db": "CERT/CC",
"id": "VU#882207"
},
{
"date": "2014-08-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003823"
},
{
"date": "2014-07-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-336"
},
{
"date": "2014-08-15T11:15:43.043000",
"db": "NVD",
"id": "CVE-2014-2943"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-18T00:00:00",
"db": "CERT/CC",
"id": "VU#882207"
},
{
"date": "2014-08-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003823"
},
{
"date": "2014-08-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-336"
},
{
"date": "2023-11-07T02:19:40.113000",
"db": "NVD",
"id": "CVE-2014-2943"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201407-336"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cobham Aviator satellite terminals contain multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#882207"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201407-336"
}
],
"trust": 0.6
}
}
VAR-201910-1692
Vulnerability from variot - Updated: 2024-03-18 22:14
The web root directory of the Cobham EXPLORER 710, firmware version 1.07, has no access restrictions on downloading and reading all files. This could allow an unauthenticated, local attacker connected to the device to access and download any file found in the web root directory. CERT/CC researchers examined the satcom terminal Cobham EXPLORER 710 as an expansion of work from IOActive’s findings in 2014. Cobham EXPLORER 710 is a portable satellite communications terminal used for satellite communications and Internet access. The following multiple vulnerabilities exist in the Cobham EXPLORER 710.
CVE-2019-9529: The product's web interface does not require authentication in its default state. Therefore, an attacker within the local network may access the web portal and change settings. Therefore, arbitrary files may be accessed by an attacker within the local network.
CVE-2019-9531: A telnet connection to port 5454/tcp of the product is possible without authentication, and after connecting via telnet, 86 kinds of Attention (AT) commands can be executed.
CVE-2019-9532: The product's web interface sends the login password in clear text. Therefore, password information may be stolen by an attacker within the local network.
CVE-2019-9533: The same root password is used in firmware v1.08 and all previous versions of the product. By analyzing any applicable version of the firmware, an attacker can steal the root password.
CVE-2019-9534: This product does not perform firmware image verification. Additionally, a development script left in the firmware allows a custom firmware image to be uploaded and run. Therefore, attackers within the local network may install tampered firmware, modify or steal communication content, install backdoors, and carry out service disruption (DoS) attacks.
In addition, according to CERT/CC, there is a problem with how the WiFi password is set, HTTP headers are lacking, and the product is also vulnerable to cross-site scripting and clickjacking attacks. These vulnerabilities were newly discovered by CERT/CC researchers as a continuation of the IOActive findings from 2014. The potential impact varies for each vulnerability, but may include:
* Leakage or falsification of information - CVE-2019-9529, CVE-2019-9530, CVE-2019-9531, CVE-2019-9532, CVE-2019-9533, CVE-2019-9534
* Arbitrary command execution - CVE-2019-9531
* Service operation interruption (DoS) - CVE-2019-9534
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-1692",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "explorer 710",
"scope": "eq",
"trust": 1.0,
"vendor": "cobham",
"version": "1.07"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cobham plc",
"version": null
},
{
"model": "explorer 710",
"scope": "eq",
"trust": 0.8,
"vendor": "cobham plc",
"version": null
},
{
"model": "explorer 710",
"scope": "eq",
"trust": 0.8,
"vendor": "cobham plc",
"version": "cobham explorer 710 firmware 1.07"
},
{
"model": "explorer 710",
"scope": "lte",
"trust": 0.8,
"vendor": "cobham plc",
"version": "cobham explorer 710 firmware 1.08 and earlier"
},
{
"model": "plc explorer",
"scope": "eq",
"trust": 0.6,
"vendor": "cobham",
"version": "7101.07"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "explorer 710",
"version": "1.07"
}
],
"sources": [
{
"db": "IVD",
"id": "0299e974-5745-47e9-b854-d1fa1a6a0291"
},
{
"db": "CERT/CC",
"id": "VU#719689"
},
{
"db": "CNVD",
"id": "CNVD-2019-35794"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"db": "NVD",
"id": "CVE-2019-9530"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cobham:explorer_710_firmware:1.07:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cobham:explorer_710:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9530"
}
]
},
"cve": "CVE-2019-9530",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2019-9530",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2019-35794",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "0299e974-5745-47e9-b854-d1fa1a6a0291",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-160965",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-9530",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-9530",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-9530",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2019-35794",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-703",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "0299e974-5745-47e9-b854-d1fa1a6a0291",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-160965",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "0299e974-5745-47e9-b854-d1fa1a6a0291"
},
{
"db": "CNVD",
"id": "CNVD-2019-35794"
},
{
"db": "VULHUB",
"id": "VHN-160965"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-703"
},
{
"db": "NVD",
"id": "CVE-2019-9530"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web root directory of the Cobham EXPLORER 710, firmware version 1.07, has no access restrictions on downloading and reading all files. This could allow an unauthenticated, local attacker connected to the device to access and download any file found in the web root directory. CERT/CC researchers examined the satcom terminal Cobham EXPLORER 710 as an expansion of work from IOActive\u2019s findings in 2014. Cobham EXPLORER 710 is a portable satellite communications terminal used for satellite communications and Internet access. The following multiple vulnerabilities exist in the Cobham EXPLORER 710. CVE-2019-9529: The web interface of the product does not require authentication in its default state. Therefore, an attacker within the local network may access the web portal and change settings. CVE-2019-9530: Because of the missing access restrictions described above, arbitrary files may be accessed by an attacker within the local network. CVE-2019-9531: A telnet connection to port 5454/tcp of the product is possible without authentication, and after connecting via telnet it is possible to execute 86 kinds of Attention (AT) commands. CVE-2019-9532: The web interface of the product sends the login password in clear text. Therefore, password information may be stolen by an attacker within the local network. CVE-2019-9533: Firmware v1.08 and all previous versions of the product use the same root password. By analyzing any applicable version of the firmware, an attacker can steal the root password. CVE-2019-9534: The product does not perform firmware image verification. Additionally, a development script left in the firmware allows a custom firmware image to be uploaded and run. Therefore, attackers within the local network can install tampered firmware, modify or steal communication content, install backdoors, and disrupt service operations (DoS). In addition, according to CERT/CC, there is a problem with how the WiFi password is set, and the product lacks HTTP headers and is also vulnerable to cross-site scripting and clickjacking attacks. These vulnerabilities were newly discovered by CERT/CC researchers in a series of studies following IOActive\u2019s findings from 2014. The potential impact varies for each vulnerability, but may include: * Leakage or falsification of information - CVE-2019-9529, CVE-2019-9530, CVE-2019-9531, CVE-2019-9532, CVE-2019-9533, CVE-2019-9534 * Execution of arbitrary commands - CVE-2019-9531 * Service operation interruption (DoS) - CVE-2019-9534",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9530"
},
{
"db": "CERT/CC",
"id": "VU#719689"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"db": "CNVD",
"id": "CNVD-2019-35794"
},
{
"db": "IVD",
"id": "0299e974-5745-47e9-b854-d1fa1a6a0291"
},
{
"db": "VULHUB",
"id": "VHN-160965"
}
],
"trust": 3.15
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-9530",
"trust": 4.1
},
{
"db": "CERT/CC",
"id": "VU#719689",
"trust": 3.3
},
{
"db": "CNVD",
"id": "CNVD-2019-35794",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201910-703",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU98031944",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010367",
"trust": 0.8
},
{
"db": "IVD",
"id": "0299E974-5745-47E9-B854-D1FA1A6A0291",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-160965",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "0299e974-5745-47e9-b854-d1fa1a6a0291"
},
{
"db": "CERT/CC",
"id": "VU#719689"
},
{
"db": "CNVD",
"id": "CNVD-2019-35794"
},
{
"db": "VULHUB",
"id": "VHN-160965"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-703"
},
{
"db": "NVD",
"id": "CVE-2019-9530"
}
]
},
"id": "VAR-201910-1692",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "0299e974-5745-47e9-b854-d1fa1a6a0291"
},
{
"db": "CNVD",
"id": "CNVD-2019-35794"
},
{
"db": "VULHUB",
"id": "VHN-160965"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "0299e974-5745-47e9-b854-d1fa1a6a0291"
},
{
"db": "CNVD",
"id": "CNVD-2019-35794"
}
]
},
"last_update_date": "2024-03-18T22:14:35.032000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Ultra-Portable\u00a0BGAN\u00a0EXPLORER\u00a0710",
"trust": 0.8,
"url": "https://www.cobham.com/communications-and-connectivity/satcom/land-mobile-satcom-systems/ultra-portable-bgan/explorer-710/"
},
{
"title": "Patch for Cobham plc EXPLORER 710 has an unknown vulnerability (CNVD-2019-35794)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/185635"
},
{
"title": "Cobham plc EXPLORER 710 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99313"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-35794"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-703"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "Lack of authentication for critical features (CWE-306) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": " others (CWE-Other) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": " Inappropriate authentication (CWE-287) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": " Sending important information in clear text (CWE-319) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": " Use hard-coded credentials (CWE-798) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": " Incomplete integrity verification of downloaded code (CWE-494) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-200",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160965"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"db": "NVD",
"id": "CVE-2019-9530"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9530"
},
{
"trust": 1.7,
"url": "https://kb.cert.org/vuls/id/719689/"
},
{
"trust": 1.6,
"url": "https://ioactive.com/pdfs/ioactive_satcom_security_whitepaper.pdf"
},
{
"trust": 1.6,
"url": "https://www.owasp.org/index.php/clickjacking"
},
{
"trust": 1.6,
"url": "https://www.owasp.org/index.php/content_security_policy"
},
{
"trust": 0.8,
"url": "https://www.cobham.com/communications-and-connectivity/satcom/land-mobile-satcomsystems/ultra-portable-bgan/explorer-710/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98031944/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9529"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9531"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9532"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9533"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9534"
},
{
"trust": 0.8,
"url": "https://www.kb.cert.org/vuls/id/719689/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#719689"
},
{
"db": "CNVD",
"id": "CNVD-2019-35794"
},
{
"db": "VULHUB",
"id": "VHN-160965"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-703"
},
{
"db": "NVD",
"id": "CVE-2019-9530"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "0299e974-5745-47e9-b854-d1fa1a6a0291"
},
{
"db": "CERT/CC",
"id": "VU#719689"
},
{
"db": "CNVD",
"id": "CNVD-2019-35794"
},
{
"db": "VULHUB",
"id": "VHN-160965"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-703"
},
{
"db": "NVD",
"id": "CVE-2019-9530"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-18T00:00:00",
"db": "IVD",
"id": "0299e974-5745-47e9-b854-d1fa1a6a0291"
},
{
"date": "2019-10-09T00:00:00",
"db": "CERT/CC",
"id": "VU#719689"
},
{
"date": "2019-10-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-35794"
},
{
"date": "2019-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-160965"
},
{
"date": "2019-10-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"date": "2019-10-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-703"
},
{
"date": "2019-10-10T20:15:11.270000",
"db": "NVD",
"id": "CVE-2019-9530"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-11T00:00:00",
"db": "CERT/CC",
"id": "VU#719689"
},
{
"date": "2019-10-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-35794"
},
{
"date": "2019-10-16T00:00:00",
"db": "VULHUB",
"id": "VHN-160965"
},
{
"date": "2024-03-05T08:16:00",
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"date": "2021-10-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-703"
},
{
"date": "2021-10-26T20:17:51.297000",
"db": "NVD",
"id": "CVE-2019-9530"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-703"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities found in the Cobham EXPLORER 710 satcom terminal",
"sources": [
{
"db": "CERT/CC",
"id": "VU#719689"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-703"
}
],
"trust": 0.6
}
}
VAR-201910-0317
Vulnerability from variot - Updated: 2024-03-18 22:14
The web application portal of the Cobham EXPLORER 710, firmware version 1.07, allows unauthenticated access to port 5454. This could allow an unauthenticated, remote attacker to connect to this port via Telnet and execute 86 Attention (AT) commands, including some that provide unauthenticated, shell-like access to the device. CERT/CC researchers examined the satcom terminal Cobham EXPLORER 710 as an expansion of work from IOActive’s findings in 2014. Cobham EXPLORER 710 is a portable satellite communications terminal used for satellite communications and Internet access. The following multiple vulnerabilities exist in the Cobham EXPLORER 710. CVE-2019-9529: The web interface of the product does not require authentication in its default state. Therefore, an attacker within the local network may access the web portal and change settings. CVE-2019-9530: There are no access restrictions on the document root directory of the product. Therefore, arbitrary files may be accessed by an attacker within the local network. CVE-2019-9532: The web interface of the product sends the login password in clear text. Therefore, password information may be stolen by an attacker within the local network. CVE-2019-9533: Firmware v1.08 and all previous versions of the product use the same root password. By analyzing any applicable version of the firmware, an attacker can steal the root password. CVE-2019-9534: The product does not perform firmware image verification. Additionally, a development script left in the firmware allows a custom firmware image to be uploaded and run. Therefore, attackers within the local network can install tampered firmware, modify or steal communication content, install backdoors, and disrupt service operations (DoS).
In addition, according to CERT/CC, there is a problem with how the WiFi password is set, and the product lacks HTTP headers and is also vulnerable to cross-site scripting and clickjacking attacks. These vulnerabilities were newly discovered by CERT/CC researchers in a series of studies following IOActive’s findings from 2014. The potential impact varies for each vulnerability, but may include: leakage or falsification of information - CVE-2019-9529, CVE-2019-9530, CVE-2019-9531, CVE-2019-9532, CVE-2019-9533, CVE-2019-9534; execution of arbitrary commands - CVE-2019-9531; service operation interruption (DoS) - CVE-2019-9534.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-0317",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "explorer 710",
"scope": "eq",
"trust": 1.6,
"vendor": "cobham",
"version": "1.07"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cobham plc",
"version": null
},
{
"model": "explorer 710",
"scope": "eq",
"trust": 0.8,
"vendor": "cobham plc",
"version": null
},
{
"model": "explorer 710",
"scope": "eq",
"trust": 0.8,
"vendor": "cobham plc",
"version": "cobham explorer 710 firmware 1.07"
},
{
"model": "explorer 710",
"scope": "lte",
"trust": 0.8,
"vendor": "cobham plc",
"version": "cobham explorer 710 firmware 1.08 and earlier"
},
{
"model": "plc explorer",
"scope": "eq",
"trust": 0.6,
"vendor": "cobham",
"version": "7101.07"
},
{
"model": "explorer 710",
"scope": "eq",
"trust": 0.6,
"vendor": "cobham",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "explorer 710",
"version": "1.07"
}
],
"sources": [
{
"db": "IVD",
"id": "749ad358-983d-4df2-aba6-cd92baa86f78"
},
{
"db": "CERT/CC",
"id": "VU#719689"
},
{
"db": "CNVD",
"id": "CNVD-2019-35793"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-704"
},
{
"db": "NVD",
"id": "CVE-2019-9531"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cobham:explorer_710_firmware:1.07:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cobham:explorer_710:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9531"
}
]
},
"cve": "CVE-2019-9531",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2019-9531",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2019-35793",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "749ad358-983d-4df2-aba6-cd92baa86f78",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-9531",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-9531",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2019-35793",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-704",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "749ad358-983d-4df2-aba6-cd92baa86f78",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "749ad358-983d-4df2-aba6-cd92baa86f78"
},
{
"db": "CNVD",
"id": "CNVD-2019-35793"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-704"
},
{
"db": "NVD",
"id": "CVE-2019-9531"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web application portal of the Cobham EXPLORER 710, firmware version 1.07, allows unauthenticated access to port 5454. This could allow an unauthenticated, remote attacker to connect to this port via Telnet and execute 86 Attention (AT) commands, including some that provide unauthenticated, shell-like access to the device. CERT/CC researchers examined the satcom terminal Cobham EXPLORER 710 as an expansion of work from IOActive\u2019s findings in 2014. Cobham EXPLORER 710 is a portable satellite communications terminal used for satellite communications and Internet access. The following multiple vulnerabilities exist in the Cobham EXPLORER 710. CVE-2019-9529: The web interface of the product does not require authentication in its default state. Therefore, an attacker within the local network may access the web portal and change settings. CVE-2019-9530: There are no access restrictions on the document root directory of the product. Therefore, arbitrary files may be accessed by an attacker within the local network. CVE-2019-9532: The web interface of the product sends the login password in clear text. Therefore, password information may be stolen by an attacker within the local network. CVE-2019-9533: Firmware v1.08 and all previous versions of the product use the same root password. By analyzing any applicable version of the firmware, an attacker can steal the root password. CVE-2019-9534: The product does not perform firmware image verification. Additionally, a development script left in the firmware allows a custom firmware image to be uploaded and run. Therefore, attackers within the local network can install tampered firmware, modify or steal communication content, install backdoors, and disrupt service operations (DoS). In addition, according to CERT/CC, there is a problem with how the WiFi password is set, and the product lacks HTTP headers and is also vulnerable to cross-site scripting and clickjacking attacks. These vulnerabilities were newly discovered by CERT/CC researchers in a series of studies following IOActive\u2019s findings from 2014. The potential impact varies for each vulnerability, but may include: * Leakage or falsification of information - CVE-2019-9529, CVE-2019-9530, CVE-2019-9531, CVE-2019-9532, CVE-2019-9533, CVE-2019-9534 * Execution of arbitrary commands - CVE-2019-9531 * Service operation interruption (DoS) - CVE-2019-9534",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9531"
},
{
"db": "CERT/CC",
"id": "VU#719689"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"db": "CNVD",
"id": "CNVD-2019-35793"
},
{
"db": "IVD",
"id": "749ad358-983d-4df2-aba6-cd92baa86f78"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-9531",
"trust": 4.0
},
{
"db": "CERT/CC",
"id": "VU#719689",
"trust": 3.2
},
{
"db": "CNVD",
"id": "CNVD-2019-35793",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201910-704",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU98031944",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010367",
"trust": 0.8
},
{
"db": "IVD",
"id": "749AD358-983D-4DF2-ABA6-CD92BAA86F78",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "749ad358-983d-4df2-aba6-cd92baa86f78"
},
{
"db": "CERT/CC",
"id": "VU#719689"
},
{
"db": "CNVD",
"id": "CNVD-2019-35793"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-704"
},
{
"db": "NVD",
"id": "CVE-2019-9531"
}
]
},
"id": "VAR-201910-0317",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "749ad358-983d-4df2-aba6-cd92baa86f78"
},
{
"db": "CNVD",
"id": "CNVD-2019-35793"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "749ad358-983d-4df2-aba6-cd92baa86f78"
},
{
"db": "CNVD",
"id": "CNVD-2019-35793"
}
]
},
"last_update_date": "2024-03-18T22:14:34.995000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Ultra-Portable\u00a0BGAN\u00a0EXPLORER\u00a0710",
"trust": 0.8,
"url": "https://www.cobham.com/communications-and-connectivity/satcom/land-mobile-satcom-systems/ultra-portable-bgan/explorer-710/"
},
{
"title": "Patch for Cobham plc EXPLORER 710 has an unknown vulnerability (CNVD-2019-35793)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/185633"
},
{
"title": "Cobham plc EXPLORER 710 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99314"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-35793"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-704"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.0
},
{
"problemtype": "Lack of authentication for critical features (CWE-306) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": " others (CWE-Other) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": " Inappropriate authentication (CWE-287) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": " Sending important information in clear text (CWE-319) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": " Use hard-coded credentials (CWE-798) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": " Incomplete integrity verification of downloaded code (CWE-494) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"db": "NVD",
"id": "CVE-2019-9531"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9531"
},
{
"trust": 1.6,
"url": "https://ioactive.com/pdfs/ioactive_satcom_security_whitepaper.pdf"
},
{
"trust": 1.6,
"url": "https://www.owasp.org/index.php/clickjacking"
},
{
"trust": 1.6,
"url": "https://www.owasp.org/index.php/content_security_policy"
},
{
"trust": 1.6,
"url": "https://kb.cert.org/vuls/id/719689/"
},
{
"trust": 0.8,
"url": "https://www.cobham.com/communications-and-connectivity/satcom/land-mobile-satcomsystems/ultra-portable-bgan/explorer-710/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98031944/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9529"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9530"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9532"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9533"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9534"
},
{
"trust": 0.8,
"url": "https://www.kb.cert.org/vuls/id/719689/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#719689"
},
{
"db": "CNVD",
"id": "CNVD-2019-35793"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-704"
},
{
"db": "NVD",
"id": "CVE-2019-9531"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "749ad358-983d-4df2-aba6-cd92baa86f78"
},
{
"db": "CERT/CC",
"id": "VU#719689"
},
{
"db": "CNVD",
"id": "CNVD-2019-35793"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-704"
},
{
"db": "NVD",
"id": "CVE-2019-9531"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-18T00:00:00",
"db": "IVD",
"id": "749ad358-983d-4df2-aba6-cd92baa86f78"
},
{
"date": "2019-10-09T00:00:00",
"db": "CERT/CC",
"id": "VU#719689"
},
{
"date": "2019-10-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-35793"
},
{
"date": "2019-10-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"date": "2019-10-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-704"
},
{
"date": "2019-10-10T20:15:11.333000",
"db": "NVD",
"id": "CVE-2019-9531"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-11T00:00:00",
"db": "CERT/CC",
"id": "VU#719689"
},
{
"date": "2019-10-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-35793"
},
{
"date": "2024-03-05T08:16:00",
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"date": "2019-11-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-704"
},
{
"date": "2019-10-17T16:42:57.753000",
"db": "NVD",
"id": "CVE-2019-9531"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-704"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities found in the Cobham EXPLORER 710 satcom terminal",
"sources": [
{
"db": "CERT/CC",
"id": "VU#719689"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-704"
}
],
"trust": 0.6
}
}
VAR-201910-0318
Vulnerability from variot - Updated: 2024-03-18 22:14
The web application portal of the Cobham EXPLORER 710, firmware version 1.07, sends the login password in cleartext. This could allow an unauthenticated, local attacker to intercept the password and gain access to the portal. CERT/CC researchers examined the satcom terminal Cobham EXPLORER 710 as an expansion of work from IOActive’s findings in 2014. Cobham EXPLORER 710 is a portable satellite communications terminal used for satellite communications and Internet access. The following multiple vulnerabilities exist in the Cobham EXPLORER 710. CVE-2019-9529: The product's web interface does not require authentication in its default state. CVE-2019-9530: There are no access restrictions on the document root directory of the product. Therefore, arbitrary files may be accessed by an attacker within the local network. CVE-2019-9531: A telnet connection to port 5454/tcp of the product is possible without authentication, and after connecting, 86 kinds of Attention (AT) commands can be executed. CVE-2019-9533: The same root password is used in firmware v1.08 and all previous versions of the product. By analyzing any applicable version of the firmware, an attacker may be able to obtain the root password. CVE-2019-9534: This product does not perform firmware image verification. Additionally, a development script left in the firmware allows a custom firmware image to be uploaded and run. Attackers within the local network could therefore install tampered firmware, modify or steal communication content, install backdoors, or disrupt service operations (DoS). In addition, according to CERT/CC, because of how the WiFi password is set and because HTTP headers are lacking, the product is also vulnerable to cross-site scripting and clickjacking attacks.
These vulnerabilities were newly discovered by CERT/CC researchers as a follow-up to the findings IOActive published in 2014. The potential impact varies for each vulnerability, but you may be affected by:
* Leakage or falsification of information - CVE-2019-9529, CVE-2019-9530, CVE-2019-9531, CVE-2019-9532, CVE-2019-9533, CVE-2019-9534
* Arbitrary command execution - CVE-2019-9531
* Service operation interruption (DoS) - CVE-2019-9534
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-0318",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "explorer 710",
"scope": "eq",
"trust": 1.6,
"vendor": "cobham",
"version": "1.07"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cobham plc",
"version": null
},
{
"model": "explorer 710",
"scope": "eq",
"trust": 0.8,
"vendor": "cobham plc",
"version": null
},
{
"model": "explorer 710",
"scope": "eq",
"trust": 0.8,
"vendor": "cobham plc",
"version": "cobham explorer 710 firmware 1.07"
},
{
"model": "explorer 710",
"scope": "lte",
"trust": 0.8,
"vendor": "cobham plc",
"version": "cobham explorer 710 firmware 1.08 and earlier"
},
{
"model": "plc explorer",
"scope": "eq",
"trust": 0.6,
"vendor": "cobham",
"version": "7101.07"
},
{
"model": "explorer 710",
"scope": "eq",
"trust": 0.6,
"vendor": "cobham",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "explorer 710",
"version": "1.07"
}
],
"sources": [
{
"db": "IVD",
"id": "ffc2d02a-cc2f-43b4-a4c9-c45ef76a6268"
},
{
"db": "CERT/CC",
"id": "VU#719689"
},
{
"db": "CNVD",
"id": "CNVD-2019-35800"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-705"
},
{
"db": "NVD",
"id": "CVE-2019-9532"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cobham:explorer_710_firmware:1.07:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cobham:explorer_710:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9532"
}
]
},
"cve": "CVE-2019-9532",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2019-9532",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2019-35800",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "ffc2d02a-cc2f-43b4-a4c9-c45ef76a6268",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-9532",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-9532",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-9532",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2019-35800",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-705",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "ffc2d02a-cc2f-43b4-a4c9-c45ef76a6268",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "ffc2d02a-cc2f-43b4-a4c9-c45ef76a6268"
},
{
"db": "CNVD",
"id": "CNVD-2019-35800"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-705"
},
{
"db": "NVD",
"id": "CVE-2019-9532"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web application portal of the Cobham EXPLORER 710, firmware version 1.07, sends the login password in cleartext. This could allow an unauthenticated, local attacker to intercept the password and gain access to the portal. CERT/CC researchers examined the satcom terminal Cobham EXPLORER 710 as an expansion of work from IOActive\u2019s findings in 2014. Cobham EXPLORER 710 is a portable satellite communications terminal used for satellite communications and Internet access. Cobham EXPLORER 710 The following multiple vulnerabilities exist in. CVE-2019-9529 Of the product Web The interface does not require authentication in its default state. CVE-2019-9530 There are no access restrictions on the document root directory of the product. Therefore, arbitrary files may be accessed by an attacker within the local network. CVE-2019-9531 Of the product 5454/tcp without authenticating to the port telnet connection is possible and telnet After connecting, 86 kind of Attention (AT) It is possible to execute commands. CVE-2019-9533 Firmware of the product v1.08 and all previous versions, the same root A password is used. By analyzing any applicable version of the firmware, an attacker can root It is possible to steal passwords. CVE-2019-9534 This product does not perform firmware image verification. Additionally, a development script left in the firmware allows you to upload and run a custom firmware image. Therefore, attackers within the local network can install tampered firmware, modify or steal communication content, install backdoors, and disrupt service operations. (DoS) Attacks may occur. In addition CERT/CC According to WiFi Because the password is set as HTTP It lacks headers and is also vulnerable to cross-site scripting and clickjacking attacks. 
These vulnerabilities are 2014 carried out in IOActive \u2019 s findings As a series of studies on CERT/CC newly discovered by researchers.The potential impact will vary for each vulnerability, but you may be affected by: * Leakage or falsification of information - CVE-2019-9529 , CVE-2019-9530 , CVE-2019-9531 , CVE-2019-9532 , CVE-2019-9533 , CVE-2019-9534* Execute arbitrary command - CVE-2019-9531* Service operation interruption (DoS) - CVE-2019-9534",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9532"
},
{
"db": "CERT/CC",
"id": "VU#719689"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"db": "CNVD",
"id": "CNVD-2019-35800"
},
{
"db": "IVD",
"id": "ffc2d02a-cc2f-43b4-a4c9-c45ef76a6268"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-9532",
"trust": 4.0
},
{
"db": "CERT/CC",
"id": "VU#719689",
"trust": 3.2
},
{
"db": "CNVD",
"id": "CNVD-2019-35800",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201910-705",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU98031944",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010367",
"trust": 0.8
},
{
"db": "IVD",
"id": "FFC2D02A-CC2F-43B4-A4C9-C45EF76A6268",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "ffc2d02a-cc2f-43b4-a4c9-c45ef76a6268"
},
{
"db": "CERT/CC",
"id": "VU#719689"
},
{
"db": "CNVD",
"id": "CNVD-2019-35800"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-705"
},
{
"db": "NVD",
"id": "CVE-2019-9532"
}
]
},
"id": "VAR-201910-0318",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "ffc2d02a-cc2f-43b4-a4c9-c45ef76a6268"
},
{
"db": "CNVD",
"id": "CNVD-2019-35800"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "ffc2d02a-cc2f-43b4-a4c9-c45ef76a6268"
},
{
"db": "CNVD",
"id": "CNVD-2019-35800"
}
]
},
"last_update_date": "2024-03-18T22:14:34.963000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Ultra-Portable\u00a0BGAN\u00a0EXPLORER\u00a0710",
"trust": 0.8,
"url": "https://www.cobham.com/communications-and-connectivity/satcom/land-mobile-satcom-systems/ultra-portable-bgan/explorer-710/"
},
{
"title": "Patch for Cobham plc EXPLORER 710 has an unknown vulnerability (CNVD-2019-35800)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/185631"
},
{
"title": "Cobham plc EXPLORER 710 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99315"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-35800"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-705"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-319",
"trust": 1.0
},
{
"problemtype": "Lack of authentication for critical features (CWE-306) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": " others (CWE-Other) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": " Inappropriate authentication (CWE-287) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": " Sending important information in clear text (CWE-319) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": " Use hard-coded credentials (CWE-798) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": " Incomplete integrity verification of downloaded code (CWE-494) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"db": "NVD",
"id": "CVE-2019-9532"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9532"
},
{
"trust": 1.6,
"url": "https://ioactive.com/pdfs/ioactive_satcom_security_whitepaper.pdf"
},
{
"trust": 1.6,
"url": "https://www.owasp.org/index.php/clickjacking"
},
{
"trust": 1.6,
"url": "https://www.owasp.org/index.php/content_security_policy"
},
{
"trust": 1.6,
"url": "https://kb.cert.org/vuls/id/719689/"
},
{
"trust": 0.8,
"url": "https://www.cobham.com/communications-and-connectivity/satcom/land-mobile-satcomsystems/ultra-portable-bgan/explorer-710/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98031944/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9529"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9530"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9531"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9533"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9534"
},
{
"trust": 0.8,
"url": "https://www.kb.cert.org/vuls/id/719689/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#719689"
},
{
"db": "CNVD",
"id": "CNVD-2019-35800"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-705"
},
{
"db": "NVD",
"id": "CVE-2019-9532"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "ffc2d02a-cc2f-43b4-a4c9-c45ef76a6268"
},
{
"db": "CERT/CC",
"id": "VU#719689"
},
{
"db": "CNVD",
"id": "CNVD-2019-35800"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-705"
},
{
"db": "NVD",
"id": "CVE-2019-9532"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-18T00:00:00",
"db": "IVD",
"id": "ffc2d02a-cc2f-43b4-a4c9-c45ef76a6268"
},
{
"date": "2019-10-09T00:00:00",
"db": "CERT/CC",
"id": "VU#719689"
},
{
"date": "2019-10-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-35800"
},
{
"date": "2019-10-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"date": "2019-10-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-705"
},
{
"date": "2019-10-10T20:15:11.410000",
"db": "NVD",
"id": "CVE-2019-9532"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-11T00:00:00",
"db": "CERT/CC",
"id": "VU#719689"
},
{
"date": "2019-10-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-35800"
},
{
"date": "2024-03-05T08:16:00",
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"date": "2019-10-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-705"
},
{
"date": "2019-10-17T16:31:33.957000",
"db": "NVD",
"id": "CVE-2019-9532"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-705"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities found in the Cobham EXPLORER 710 satcom terminal",
"sources": [
{
"db": "CERT/CC",
"id": "VU#719689"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "IVD",
"id": "ffc2d02a-cc2f-43b4-a4c9-c45ef76a6268"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-705"
}
],
"trust": 0.8
}
}
VAR-201910-0319
Vulnerability from variot - Updated: 2024-03-18 22:14
The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08. This could allow an attacker to reverse-engineer the password from available versions to gain authenticated access to the device. CERT/CC researchers examined the satcom terminal Cobham EXPLORER 710 as an expansion of work from IOActive’s findings in 2014. Cobham EXPLORER 710 is a portable satellite communications terminal used for satellite communications and Internet access. The following multiple vulnerabilities exist in the Cobham EXPLORER 710. CVE-2019-9529: The product's web interface does not require authentication in its default state. Therefore, an attacker within the local network may access the web portal and change settings. CVE-2019-9530: There are no access restrictions on the document root directory of the product. Therefore, arbitrary files may be accessed by an attacker within the local network. CVE-2019-9531: A telnet connection to port 5454/tcp of the product is possible without authentication, and after connecting, 86 kinds of Attention (AT) commands can be executed. CVE-2019-9532: The product's web interface sends the login password in clear text. Therefore, password information may be stolen by an attacker within the local network. CVE-2019-9534: This product does not perform firmware image verification. Additionally, a development script left in the firmware allows a custom firmware image to be uploaded and run. Attackers within the local network could therefore install tampered firmware, modify or steal communication content, install backdoors, or disrupt service operations (DoS). In addition, according to CERT/CC, because of how the WiFi password is set and because HTTP headers are lacking, the product is also vulnerable to cross-site scripting and clickjacking attacks.
These vulnerabilities were newly discovered by CERT/CC researchers as a follow-up to the findings IOActive published in 2014. The potential impact varies for each vulnerability, but you may be affected by:
* Leakage or falsification of information - CVE-2019-9529, CVE-2019-9530, CVE-2019-9531, CVE-2019-9532, CVE-2019-9533, CVE-2019-9534
* Arbitrary command execution - CVE-2019-9531
* Service operation interruption (DoS) - CVE-2019-9534
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-0319",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "explorer 710",
"scope": "eq",
"trust": 1.0,
"vendor": "cobham",
"version": "1.07"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cobham plc",
"version": null
},
{
"model": "explorer 710",
"scope": "eq",
"trust": 0.8,
"vendor": "cobham plc",
"version": null
},
{
"model": "explorer 710",
"scope": "eq",
"trust": 0.8,
"vendor": "cobham plc",
"version": "cobham explorer 710 firmware 1.07"
},
{
"model": "explorer 710",
"scope": "lte",
"trust": 0.8,
"vendor": "cobham plc",
"version": "cobham explorer 710 firmware 1.08 and earlier"
},
{
"model": "plc explorer",
"scope": "eq",
"trust": 0.6,
"vendor": "cobham",
"version": "710\u003c=1.08"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "explorer 710",
"version": "1.07"
}
],
"sources": [
{
"db": "IVD",
"id": "a79ea90c-0749-4875-94ff-d1671c89a10f"
},
{
"db": "CERT/CC",
"id": "VU#719689"
},
{
"db": "CNVD",
"id": "CNVD-2019-35799"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"db": "NVD",
"id": "CVE-2019-9533"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cobham:explorer_710_firmware:1.07:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cobham:explorer_710:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9533"
}
]
},
"cve": "CVE-2019-9533",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2019-9533",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2019-35799",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "a79ea90c-0749-4875-94ff-d1671c89a10f",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-9533",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-9533",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2019-35799",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-706",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "a79ea90c-0749-4875-94ff-d1671c89a10f",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a79ea90c-0749-4875-94ff-d1671c89a10f"
},
{
"db": "CNVD",
"id": "CNVD-2019-35799"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-706"
},
{
"db": "NVD",
"id": "CVE-2019-9533"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08. This could allow an attacker to reverse-engineer the password from available versions to gain authenticated access to the device. CERT/CC researchers examined the satcom terminal Cobham EXPLORER 710 as an expansion of work from IOActive\u2019s findings in 2014. Cobham EXPLORER 710 is a portable satellite communications terminal used for satellite communications and Internet access. Cobham EXPLORER 710 The following multiple vulnerabilities exist in. CVE-2019-9529 Of the product Web The interface does not require authentication in its default state. Therefore, an attacker within the local network can Web The portal may be accessed and settings may be changed. CVE-2019-9530 There are no access restrictions on the document root directory of the product. Therefore, arbitrary files may be accessed by an attacker within the local network. CVE-2019-9531 Of the product 5454/tcp without authenticating to the port telnet connection is possible and telnet After connecting, 86 kind of Attention (AT) It is possible to execute commands. CVE-2019-9532 Of the product Web The interface sends the password for login in clear text. Therefore, password information may be stolen by an attacker within the local network. CVE-2019-9534 This product does not perform firmware image verification. Additionally, a development script left in the firmware allows you to upload and run a custom firmware image. Therefore, attackers within the local network can install tampered firmware, modify or steal communication content, install backdoors, and disrupt service operations. (DoS) Attacks may occur. In addition CERT/CC According to WiFi Because the password is set as HTTP It lacks headers and is also vulnerable to cross-site scripting and clickjacking attacks. 
These vulnerabilities are 2014 carried out in IOActive \u2019 s findings As a series of studies on CERT/CC newly discovered by researchers.The potential impact will vary for each vulnerability, but you may be affected by: * Leakage or falsification of information - CVE-2019-9529 , CVE-2019-9530 , CVE-2019-9531 , CVE-2019-9532 , CVE-2019-9533 , CVE-2019-9534* Execute arbitrary command - CVE-2019-9531* Service operation interruption (DoS) - CVE-2019-9534",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9533"
},
{
"db": "CERT/CC",
"id": "VU#719689"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"db": "CNVD",
"id": "CNVD-2019-35799"
},
{
"db": "IVD",
"id": "a79ea90c-0749-4875-94ff-d1671c89a10f"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-9533",
"trust": 4.0
},
{
"db": "CERT/CC",
"id": "VU#719689",
"trust": 3.2
},
{
"db": "CNVD",
"id": "CNVD-2019-35799",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201910-706",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU98031944",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010367",
"trust": 0.8
},
{
"db": "IVD",
"id": "A79EA90C-0749-4875-94FF-D1671C89A10F",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "a79ea90c-0749-4875-94ff-d1671c89a10f"
},
{
"db": "CERT/CC",
"id": "VU#719689"
},
{
"db": "CNVD",
"id": "CNVD-2019-35799"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-706"
},
{
"db": "NVD",
"id": "CVE-2019-9533"
}
]
},
"id": "VAR-201910-0319",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a79ea90c-0749-4875-94ff-d1671c89a10f"
},
{
"db": "CNVD",
"id": "CNVD-2019-35799"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "a79ea90c-0749-4875-94ff-d1671c89a10f"
},
{
"db": "CNVD",
"id": "CNVD-2019-35799"
}
]
},
"last_update_date": "2024-03-18T22:14:34.930000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Ultra-Portable\u00a0BGAN\u00a0EXPLORER\u00a0710",
"trust": 0.8,
"url": "https://www.cobham.com/communications-and-connectivity/satcom/land-mobile-satcom-systems/ultra-portable-bgan/explorer-710/"
},
{
"title": "Patch for Cobham plc EXPLORER 710 has an unknown vulnerability (CNVD-2019-35799)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/185629"
},
{
"title": "Cobham plc EXPLORER 710 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99316"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-35799"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-706"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.0
},
{
"problemtype": "Lack of authentication for critical features (CWE-306) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": " others (CWE-Other) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": " Inappropriate authentication (CWE-287) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": " Sending important information in clear text (CWE-319) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": " Use hard-coded credentials (CWE-798) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": " Incomplete integrity verification of downloaded code (CWE-494) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"db": "NVD",
"id": "CVE-2019-9533"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9533"
},
{
"trust": 1.6,
"url": "https://ioactive.com/pdfs/ioactive_satcom_security_whitepaper.pdf"
},
{
"trust": 1.6,
"url": "https://www.owasp.org/index.php/clickjacking"
},
{
"trust": 1.6,
"url": "https://www.owasp.org/index.php/content_security_policy"
},
{
"trust": 1.6,
"url": "https://kb.cert.org/vuls/id/719689/"
},
{
"trust": 0.8,
"url": "https://www.cobham.com/communications-and-connectivity/satcom/land-mobile-satcomsystems/ultra-portable-bgan/explorer-710/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98031944/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9529"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9530"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9531"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9532"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9534"
},
{
"trust": 0.8,
"url": "https://www.kb.cert.org/vuls/id/719689/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#719689"
},
{
"db": "CNVD",
"id": "CNVD-2019-35799"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-706"
},
{
"db": "NVD",
"id": "CVE-2019-9533"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a79ea90c-0749-4875-94ff-d1671c89a10f"
},
{
"db": "CERT/CC",
"id": "VU#719689"
},
{
"db": "CNVD",
"id": "CNVD-2019-35799"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-706"
},
{
"db": "NVD",
"id": "CVE-2019-9533"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-18T00:00:00",
"db": "IVD",
"id": "a79ea90c-0749-4875-94ff-d1671c89a10f"
},
{
"date": "2019-10-09T00:00:00",
"db": "CERT/CC",
"id": "VU#719689"
},
{
"date": "2019-10-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-35799"
},
{
"date": "2019-10-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"date": "2019-10-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-706"
},
{
"date": "2019-10-10T20:15:11.473000",
"db": "NVD",
"id": "CVE-2019-9533"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-11T00:00:00",
"db": "CERT/CC",
"id": "VU#719689"
},
{
"date": "2019-10-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-35799"
},
{
"date": "2024-03-05T08:16:00",
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"date": "2020-10-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-706"
},
{
"date": "2020-10-16T13:15:56.613000",
"db": "NVD",
"id": "CVE-2019-9533"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-706"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities found in the Cobham EXPLORER 710 satcom terminal",
"sources": [
{
"db": "CERT/CC",
"id": "VU#719689"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-706"
}
],
"trust": 0.6
}
}
VAR-201910-0320
Vulnerability from variot - Updated: 2024-03-18 22:14
The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image. Development scripts left in the firmware can be used to upload a custom firmware image that the device runs. This could allow an unauthenticated, local attacker to upload their own firmware that could be used to intercept or modify traffic, spoof or intercept GPS traffic, exfiltrate private data, hide a backdoor, or cause a denial-of-service. CERT/CC researchers examined the satcom terminal Cobham EXPLORER 710 as an expansion of work from IOActive’s findings in 2014. Cobham EXPLORER 710 is a portable satellite communications terminal used for satellite communications and Internet access. The following multiple vulnerabilities exist in the Cobham EXPLORER 710. CVE-2019-9529: The product's web interface does not require authentication in its default state. Therefore, an attacker within the local network may access the web portal and change settings. CVE-2019-9530: There are no access restrictions on the document root directory of the product. Therefore, arbitrary files may be accessed by an attacker within the local network. CVE-2019-9531: A telnet connection to port 5454/tcp of the product is possible without authentication, and after connecting, 86 kinds of Attention (AT) commands can be executed. This could allow a remote attacker to access the device and execute these commands. CVE-2019-9532: The product's web interface sends the login password in clear text. Therefore, password information may be stolen by an attacker within the local network. CVE-2019-9533: The same root password is used in firmware v1.08 and all previous versions of the product. By analyzing any applicable version of the firmware, it is possible for an attacker to steal the root password. Therefore, attackers within the local network can install tampered firmware, modify or steal communication content, install backdoors, and disrupt service operations; denial-of-service (DoS) attacks may occur. In addition, CERT/CC remarks on how the WiFi password is set and notes that the device lacks HTTP headers and is also vulnerable to cross-site scripting and clickjacking attacks. These vulnerabilities were newly discovered by CERT/CC researchers in a series of studies building on IOActive’s 2014 findings. The potential impact will vary for each vulnerability, but you may be affected by: * Leakage or falsification of information - CVE-2019-9529, CVE-2019-9530, CVE-2019-9531, CVE-2019-9532, CVE-2019-9533, CVE-2019-9534 * Execute arbitrary command - CVE-2019-9531 * Service operation interruption (DoS) - CVE-2019-9534
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-0320",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "explorer 710",
"scope": "eq",
"trust": 1.6,
"vendor": "cobham",
"version": "1.07"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cobham plc",
"version": null
},
{
"model": "explorer 710",
"scope": "eq",
"trust": 0.8,
"vendor": "cobham plc",
"version": null
},
{
"model": "explorer 710",
"scope": "eq",
"trust": 0.8,
"vendor": "cobham plc",
"version": "cobham explorer 710 firmware 1.07"
},
{
"model": "explorer 710",
"scope": "lte",
"trust": 0.8,
"vendor": "cobham plc",
"version": "cobham explorer 710 firmware 1.08 and earlier"
},
{
"model": "plc explorer",
"scope": "eq",
"trust": 0.6,
"vendor": "cobham",
"version": "7101.07"
},
{
"model": "explorer 710",
"scope": "eq",
"trust": 0.6,
"vendor": "cobham",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "explorer 710",
"version": "1.07"
}
],
"sources": [
{
"db": "IVD",
"id": "b37781a8-ae4e-42c7-a32d-28e5f88be4e6"
},
{
"db": "CERT/CC",
"id": "VU#719689"
},
{
"db": "CNVD",
"id": "CNVD-2019-35798"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-707"
},
{
"db": "NVD",
"id": "CVE-2019-9534"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cobham:explorer_710_firmware:1.07:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cobham:explorer_710:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9534"
}
]
},
"cve": "CVE-2019-9534",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2019-9534",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2019-35798",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "b37781a8-ae4e-42c7-a32d-28e5f88be4e6",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-9534",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-9534",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-9534",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2019-35798",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-707",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "b37781a8-ae4e-42c7-a32d-28e5f88be4e6",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "b37781a8-ae4e-42c7-a32d-28e5f88be4e6"
},
{
"db": "CNVD",
"id": "CNVD-2019-35798"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-707"
},
{
"db": "NVD",
"id": "CVE-2019-9534"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image. Development scripts left in the firmware can be used to upload a custom firmware image that the device runs. This could allow an unauthenticated, local attacker to upload their own firmware that could be used to intercept or modify traffic, spoof or intercept GPS traffic, exfiltrate private data, hide a backdoor, or cause a denial-of-service. CERT/CC researchers examined the satcom terminal Cobham EXPLORER 710 as an expansion of work from IOActive\u2019s findings in 2014. Cobham EXPLORER 710 is a portable satellite communications terminal used for satellite communications and Internet access. Cobham EXPLORER 710 The following multiple vulnerabilities exist in. CVE-2019-9529 Of the product Web The interface does not require authentication in its default state. Therefore, an attacker within the local network can Web The portal may be accessed and settings may be changed. CVE-2019-9530 There are no access restrictions on the document root directory of the product. Therefore, arbitrary files may be accessed by an attacker within the local network. CVE-2019-9531 Of the product 5454/tcp without authenticating to the port telnet connection is possible and telnet After connecting, 86 kind of Attention (AT) It is possible to execute commands. This could allow a remote attacker to access the device and execute these commands. CVE-2019-9532 Of the product Web The interface sends the password for login in clear text. Therefore, password information may be stolen by an attacker within the local network. CVE-2019-9533 Firmware of the product v1.08 and all previous versions, the same root A password is used. By analyzing any applicable version of the firmware, an attacker can root It is possible to steal passwords. Therefore, attackers within the local network can install tampered firmware, modify or steal communication content, install backdoors, and disrupt service operations. 
(DoS) Attacks may occur. In addition CERT/CC According to WiFi Because the password is set as HTTP It lacks headers and is also vulnerable to cross-site scripting and clickjacking attacks. These vulnerabilities are 2014 carried out in IOActive \u2019 s findings As a series of studies on CERT/CC newly discovered by researchers.The potential impact will vary for each vulnerability, but you may be affected by: * Leakage or falsification of information - CVE-2019-9529 , CVE-2019-9530 , CVE-2019-9531 , CVE-2019-9532 , CVE-2019-9533 , CVE-2019-9534* Execute arbitrary command - CVE-2019-9531* Service operation interruption (DoS) - CVE-2019-9534",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9534"
},
{
"db": "CERT/CC",
"id": "VU#719689"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"db": "CNVD",
"id": "CNVD-2019-35798"
},
{
"db": "IVD",
"id": "b37781a8-ae4e-42c7-a32d-28e5f88be4e6"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-9534",
"trust": 4.0
},
{
"db": "CERT/CC",
"id": "VU#719689",
"trust": 3.2
},
{
"db": "CNVD",
"id": "CNVD-2019-35798",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201910-707",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU98031944",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010367",
"trust": 0.8
},
{
"db": "IVD",
"id": "B37781A8-AE4E-42C7-A32D-28E5F88BE4E6",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "b37781a8-ae4e-42c7-a32d-28e5f88be4e6"
},
{
"db": "CERT/CC",
"id": "VU#719689"
},
{
"db": "CNVD",
"id": "CNVD-2019-35798"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-707"
},
{
"db": "NVD",
"id": "CVE-2019-9534"
}
]
},
"id": "VAR-201910-0320",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "b37781a8-ae4e-42c7-a32d-28e5f88be4e6"
},
{
"db": "CNVD",
"id": "CNVD-2019-35798"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "b37781a8-ae4e-42c7-a32d-28e5f88be4e6"
},
{
"db": "CNVD",
"id": "CNVD-2019-35798"
}
]
},
"last_update_date": "2024-03-18T22:14:34.893000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Ultra-Portable\u00a0BGAN\u00a0EXPLORER\u00a0710",
"trust": 0.8,
"url": "https://www.cobham.com/communications-and-connectivity/satcom/land-mobile-satcom-systems/ultra-portable-bgan/explorer-710/"
},
{
"title": "Patch for Cobham plc EXPLORER 710 has an unknown vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/185627"
},
{
"title": "Cobham plc EXPLORER 710 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99317"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-35798"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-707"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-494",
"trust": 1.0
},
{
"problemtype": "Lack of authentication for critical features (CWE-306) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": " others (CWE-Other) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": " Inappropriate authentication (CWE-287) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": " Sending important information in clear text (CWE-319) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": " Use hard-coded credentials (CWE-798) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": " Incomplete integrity verification of downloaded code (CWE-494) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"db": "NVD",
"id": "CVE-2019-9534"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9534"
},
{
"trust": 1.6,
"url": "https://ioactive.com/pdfs/ioactive_satcom_security_whitepaper.pdf"
},
{
"trust": 1.6,
"url": "https://www.owasp.org/index.php/clickjacking"
},
{
"trust": 1.6,
"url": "https://www.owasp.org/index.php/content_security_policy"
},
{
"trust": 1.6,
"url": "https://kb.cert.org/vuls/id/719689/"
},
{
"trust": 0.8,
"url": "https://www.cobham.com/communications-and-connectivity/satcom/land-mobile-satcomsystems/ultra-portable-bgan/explorer-710/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98031944/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9529"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9530"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9531"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9532"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9533"
},
{
"trust": 0.8,
"url": "https://www.kb.cert.org/vuls/id/719689/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#719689"
},
{
"db": "CNVD",
"id": "CNVD-2019-35798"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-707"
},
{
"db": "NVD",
"id": "CVE-2019-9534"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "b37781a8-ae4e-42c7-a32d-28e5f88be4e6"
},
{
"db": "CERT/CC",
"id": "VU#719689"
},
{
"db": "CNVD",
"id": "CNVD-2019-35798"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-707"
},
{
"db": "NVD",
"id": "CVE-2019-9534"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-18T00:00:00",
"db": "IVD",
"id": "b37781a8-ae4e-42c7-a32d-28e5f88be4e6"
},
{
"date": "2019-10-09T00:00:00",
"db": "CERT/CC",
"id": "VU#719689"
},
{
"date": "2019-10-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-35798"
},
{
"date": "2019-10-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"date": "2019-10-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-707"
},
{
"date": "2019-10-10T20:15:11.537000",
"db": "NVD",
"id": "CVE-2019-9534"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-11T00:00:00",
"db": "CERT/CC",
"id": "VU#719689"
},
{
"date": "2019-10-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-35798"
},
{
"date": "2024-03-05T08:16:00",
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-707"
},
{
"date": "2024-02-15T21:20:26.287000",
"db": "NVD",
"id": "CVE-2019-9534"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-707"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities found in the Cobham EXPLORER 710 satcom terminal",
"sources": [
{
"db": "CERT/CC",
"id": "VU#719689"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Code problem",
"sources": [
{
"db": "IVD",
"id": "b37781a8-ae4e-42c7-a32d-28e5f88be4e6"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-707"
}
],
"trust": 0.8
}
}
VAR-201910-0316
Vulnerability from variot - Updated: 2024-03-18 22:14
The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default. This could allow an unauthenticated, local attacker connected to the device to access the portal and to make any change to the device. CERT/CC researchers examined the satcom terminal Cobham EXPLORER 710 as an expansion of work from IOActive’s findings in 2014. Cobham EXPLORER 710 is a portable satellite communications terminal used for satellite communications and Internet access. The following multiple vulnerabilities exist in the Cobham EXPLORER 710. CVE-2019-9530: There are no access restrictions on the document root directory of the product. Therefore, arbitrary files may be accessed by an attacker within the local network. CVE-2019-9531: A telnet connection to port 5454/tcp of the product is possible without authentication, and after connecting, 86 kinds of Attention (AT) commands can be executed. CVE-2019-9532: The web interface of the product sends the login password in clear text. Therefore, password information may be stolen by an attacker within the local network. CVE-2019-9533: Firmware v1.08 and all previous versions of the product use the same root password. By analyzing any applicable version of the firmware, an attacker can steal the root password. CVE-2019-9534: This product does not perform firmware image verification. Additionally, a development script left in the firmware allows a custom firmware image to be uploaded and run. Therefore, attackers within the local network can install tampered firmware, modify or steal communication content, install backdoors, and disrupt service operations (DoS). In addition, according to CERT/CC, there is an issue with how the WiFi password is set, HTTP headers are missing, and the product is also vulnerable to cross-site scripting and clickjacking attacks.
These vulnerabilities were newly discovered by CERT/CC researchers in a series of studies following IOActive’s findings of 2014. The potential impact will vary for each vulnerability, but you may be affected by: * Leakage or falsification of information - CVE-2019-9529, CVE-2019-9530, CVE-2019-9531, CVE-2019-9532, CVE-2019-9533, CVE-2019-9534 * Execution of arbitrary commands - CVE-2019-9531 * Service operation interruption (DoS) - CVE-2019-9534
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-0316",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "explorer 710",
"scope": "eq",
"trust": 1.6,
"vendor": "cobham",
"version": "1.07"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cobham plc",
"version": null
},
{
"model": "explorer 710",
"scope": "eq",
"trust": 0.8,
"vendor": "cobham plc",
"version": null
},
{
"model": "explorer 710",
"scope": "eq",
"trust": 0.8,
"vendor": "cobham plc",
"version": "cobham explorer 710 firmware 1.07"
},
{
"model": "explorer 710",
"scope": "lte",
"trust": 0.8,
"vendor": "cobham plc",
"version": "cobham explorer 710 firmware 1.08 and earlier"
},
{
"model": "plc explorer",
"scope": "eq",
"trust": 0.6,
"vendor": "cobham",
"version": "7101.07"
},
{
"model": "explorer 710",
"scope": "eq",
"trust": 0.6,
"vendor": "cobham",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "explorer 710",
"version": "1.07"
}
],
"sources": [
{
"db": "IVD",
"id": "82aebd54-6b37-4700-91c2-0a6170c7658f"
},
{
"db": "CERT/CC",
"id": "VU#719689"
},
{
"db": "CNVD",
"id": "CNVD-2019-35795"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-702"
},
{
"db": "NVD",
"id": "CVE-2019-9529"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cobham:explorer_710_firmware:1.07:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cobham:explorer_710:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9529"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This document was written by Kyle O\u0027Meara and David Belasco of the CERT Coordination Center of the Carnegie Mellon Software Engineering Institute.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-702"
}
],
"trust": 0.6
},
"cve": "CVE-2019-9529",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2019-9529",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2019-35795",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "82aebd54-6b37-4700-91c2-0a6170c7658f",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-9529",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-9529",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-9529",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2019-35795",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-702",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "82aebd54-6b37-4700-91c2-0a6170c7658f",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "82aebd54-6b37-4700-91c2-0a6170c7658f"
},
{
"db": "CNVD",
"id": "CNVD-2019-35795"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-702"
},
{
"db": "NVD",
"id": "CVE-2019-9529"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default. This could allow an unauthenticated, local attacker connected to the device to access the portal and to make any change to the device. CERT/CC researchers examined the satcom terminal Cobham EXPLORER 710 as an expansion of work from IOActive\u2019s findings in 2014. Cobham EXPLORER 710 is a portable satellite communications terminal used for satellite communications and Internet access. Cobham EXPLORER 710 The following multiple vulnerabilities exist in. CVE-2019-9530 There are no access restrictions on the document root directory of the product. Therefore, arbitrary files may be accessed by an attacker within the local network. CVE-2019-9531 Of the product 5454/tcp without authenticating to the port telnet connection is possible and telnet After connecting, 86 kind of Attention (AT) It is possible to execute commands. CVE-2019-9532 Of the product Web The interface sends the password for login in clear text. Therefore, password information may be stolen by an attacker within the local network. CVE-2019-9533 Firmware of the product v1.08 and all previous versions, the same root A password is used. By analyzing any applicable version of the firmware, an attacker can root It is possible to steal passwords. CVE-2019-9534 This product does not perform firmware image verification. Additionally, a development script left in the firmware allows you to upload and run a custom firmware image. Therefore, attackers within the local network can install tampered firmware, modify or steal communication content, install backdoors, and disrupt service operations. (DoS) Attacks may occur. In addition CERT/CC According to WiFi Because the password is set as HTTP It lacks headers and is also vulnerable to cross-site scripting and clickjacking attacks. 
These vulnerabilities are 2014 carried out in IOActive \u2019 s findings As a series of studies on CERT/CC newly discovered by researchers.The potential impact will vary for each vulnerability, but you may be affected by: * Leakage or falsification of information - CVE-2019-9529 , CVE-2019-9530 , CVE-2019-9531 , CVE-2019-9532 , CVE-2019-9533 , CVE-2019-9534* Execute arbitrary command - CVE-2019-9531* Service operation interruption (DoS) - CVE-2019-9534",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9529"
},
{
"db": "CERT/CC",
"id": "VU#719689"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"db": "CNVD",
"id": "CNVD-2019-35795"
},
{
"db": "IVD",
"id": "82aebd54-6b37-4700-91c2-0a6170c7658f"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-9529",
"trust": 4.0
},
{
"db": "CERT/CC",
"id": "VU#719689",
"trust": 3.2
},
{
"db": "CNVD",
"id": "CNVD-2019-35795",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201910-702",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU98031944",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010367",
"trust": 0.8
},
{
"db": "IVD",
"id": "82AEBD54-6B37-4700-91C2-0A6170C7658F",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "82aebd54-6b37-4700-91c2-0a6170c7658f"
},
{
"db": "CERT/CC",
"id": "VU#719689"
},
{
"db": "CNVD",
"id": "CNVD-2019-35795"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-702"
},
{
"db": "NVD",
"id": "CVE-2019-9529"
}
]
},
"id": "VAR-201910-0316",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "82aebd54-6b37-4700-91c2-0a6170c7658f"
},
{
"db": "CNVD",
"id": "CNVD-2019-35795"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "82aebd54-6b37-4700-91c2-0a6170c7658f"
},
{
"db": "CNVD",
"id": "CNVD-2019-35795"
}
]
},
"last_update_date": "2024-03-18T22:14:34.859000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Ultra-Portable\u00a0BGAN\u00a0EXPLORER\u00a0710",
"trust": 0.8,
"url": "https://www.cobham.com/communications-and-connectivity/satcom/land-mobile-satcom-systems/ultra-portable-bgan/explorer-710/"
},
{
"title": "Patch for Cobham plc EXPLORER 710 has an unknown vulnerability (CNVD-2019-35795)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/185637"
},
{
"title": "Cobham plc EXPLORER 710 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99312"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-35795"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-702"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.0
},
{
"problemtype": "Lack of authentication for critical features (CWE-306) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": " others (CWE-Other) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": " Inappropriate authentication (CWE-287) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": " Sending important information in clear text (CWE-319) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": " Use hard-coded credentials (CWE-798) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": " Incomplete integrity verification of downloaded code (CWE-494) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"db": "NVD",
"id": "CVE-2019-9529"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://ioactive.com/pdfs/ioactive_satcom_security_whitepaper.pdf"
},
{
"trust": 2.2,
"url": "https://www.owasp.org/index.php/clickjacking"
},
{
"trust": 2.2,
"url": "https://www.owasp.org/index.php/content_security_policy"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9529"
},
{
"trust": 1.6,
"url": "https://kb.cert.org/vuls/id/719689/"
},
{
"trust": 1.4,
"url": "https://www.cobham.com/communications-and-connectivity/satcom/land-mobile-satcomsystems/ultra-portable-bgan/explorer-710/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98031944/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9530"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9531"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9532"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9533"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9534"
},
{
"trust": 0.8,
"url": "https://www.kb.cert.org/vuls/id/719689/"
},
{
"trust": 0.6,
"url": "https://www.kb.cert.org/vuls/id/719689"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#719689"
},
{
"db": "CNVD",
"id": "CNVD-2019-35795"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-702"
},
{
"db": "NVD",
"id": "CVE-2019-9529"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "82aebd54-6b37-4700-91c2-0a6170c7658f"
},
{
"db": "CERT/CC",
"id": "VU#719689"
},
{
"db": "CNVD",
"id": "CNVD-2019-35795"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-702"
},
{
"db": "NVD",
"id": "CVE-2019-9529"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-18T00:00:00",
"db": "IVD",
"id": "82aebd54-6b37-4700-91c2-0a6170c7658f"
},
{
"date": "2019-10-09T00:00:00",
"db": "CERT/CC",
"id": "VU#719689"
},
{
"date": "2019-10-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-35795"
},
{
"date": "2019-10-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"date": "2019-10-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-702"
},
{
"date": "2019-10-10T20:15:11.207000",
"db": "NVD",
"id": "CVE-2019-9529"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-11T00:00:00",
"db": "CERT/CC",
"id": "VU#719689"
},
{
"date": "2019-10-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-35795"
},
{
"date": "2024-03-05T08:16:00",
"db": "JVNDB",
"id": "JVNDB-2019-010367"
},
{
"date": "2019-12-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-702"
},
{
"date": "2019-10-21T15:57:29.600000",
"db": "NVD",
"id": "CVE-2019-9529"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-702"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities found in the Cobham EXPLORER 710 satcom terminal",
"sources": [
{
"db": "CERT/CC",
"id": "VU#719689"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access control error",
"sources": [
{
"db": "IVD",
"id": "82aebd54-6b37-4700-91c2-0a6170c7658f"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-702"
}
],
"trust": 0.8
}
}
VAR-201801-1446
Vulnerability from variot - Updated: 2023-12-18 14:05
Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information about valid usernames by reading the loginName lines at the js/userLogin.js URI. NOTE: default passwords for the standard usernames are listed in the product's documentation: Dealer with password seatel3, SysAdmin with password seatel2, and User with password seatel1. The Cobham Sea Tel 121 device contains an information disclosure vulnerability. Information may be obtained. Cobham Sea Tel is a wireless communication terminal product from Cobham, UK. An information disclosure vulnerability exists in the Cobham Sea Tel 121 build 222701 release.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201801-1446",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sea tel 121",
"scope": "eq",
"trust": 1.6,
"vendor": "cobham",
"version": "222701"
},
{
"model": "sea tel 121",
"scope": "eq",
"trust": 0.8,
"vendor": "cobham plc",
"version": "build 222701"
},
{
"model": "sea tel build",
"scope": "eq",
"trust": 0.6,
"vendor": "cobham",
"version": "121222701"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03965"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001428"
},
{
"db": "NVD",
"id": "CVE-2018-5266"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-320"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cobham:sea_tel_121_firmware:222701:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cobham:sea_tel_121:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-5266"
}
]
},
"cve": "CVE-2018-5266",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-5266",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-03965",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-135297",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-5266",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-5266",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-03965",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201801-320",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-135297",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03965"
},
{
"db": "VULHUB",
"id": "VHN-135297"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001428"
},
{
"db": "NVD",
"id": "CVE-2018-5266"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-320"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information about valid usernames by reading the loginName lines at the js/userLogin.js URI. NOTE: default passwords for the standard usernames are listed in the product\u0027s documentation: Dealer with password seatel3, SysAdmin with password seatel2, and User with password seatel1. Cobham Sea Tel 121 The device contains an information disclosure vulnerability.Information may be obtained. CobhamSeaTel is a wireless communication terminal product from Cobham, UK. An information disclosure vulnerability exists in the CobhamSeaTel121build222701 release",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-5266"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001428"
},
{
"db": "CNVD",
"id": "CNVD-2018-03965"
},
{
"db": "VULHUB",
"id": "VHN-135297"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-5266",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001428",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201801-320",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-03965",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-135297",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03965"
},
{
"db": "VULHUB",
"id": "VHN-135297"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001428"
},
{
"db": "NVD",
"id": "CVE-2018-5266"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-320"
}
]
},
"id": "VAR-201801-1446",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03965"
},
{
"db": "VULHUB",
"id": "VHN-135297"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03965"
}
]
},
"last_update_date": "2023-12-18T14:05:35.351000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.cobham.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001428"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-135297"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001428"
},
{
"db": "NVD",
"id": "CVE-2018-5266"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://misteralfa-hack.blogspot.cl/2018/01/seatelcobham-terminales-satelitales.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5266"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5266"
},
{
"trust": 0.8,
"url": "http://misteralfa-hack.blogspot.jp/2018/01/seatelcobham-terminales-satelitales.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03965"
},
{
"db": "VULHUB",
"id": "VHN-135297"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001428"
},
{
"db": "NVD",
"id": "CVE-2018-5266"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-320"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-03965"
},
{
"db": "VULHUB",
"id": "VHN-135297"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001428"
},
{
"db": "NVD",
"id": "CVE-2018-5266"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-320"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-03965"
},
{
"date": "2018-01-08T00:00:00",
"db": "VULHUB",
"id": "VHN-135297"
},
{
"date": "2018-02-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-001428"
},
{
"date": "2018-01-08T03:29:00.280000",
"db": "NVD",
"id": "CVE-2018-5266"
},
{
"date": "2018-01-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-320"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-03965"
},
{
"date": "2018-02-01T00:00:00",
"db": "VULHUB",
"id": "VHN-135297"
},
{
"date": "2018-02-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-001428"
},
{
"date": "2018-02-01T18:23:25.810000",
"db": "NVD",
"id": "CVE-2018-5266"
},
{
"date": "2018-01-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-320"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-320"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cobham Sea Tel 121 Information disclosure vulnerability in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001428"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-320"
}
],
"trust": 0.6
}
}
VAR-201903-1273
Vulnerability from variot - Updated: 2023-12-18 14:00
Cobham Satcom Sailor 800 and 900 devices contained a vulnerability that allowed for arbitrary writing of content to the system's configuration file. This was exploitable via multiple attack vectors depending on the device's configuration. Further analysis also indicated this vulnerability could be leveraged to achieve a Denial of Service (DoS) condition, where the device would require a factory reset to return to normal operation. Cobham Satcom Sailor 800 and 900 devices contain an access control vulnerability that may result in a denial-of-service (DoS) condition. The Cobham Satcom Sailor 800 and Cobham Satcom Sailor 900 are shipborne maritime satellite broadband terminals from Cobham, UK. An access control error vulnerability exists in the Cobham Satcom Sailor 800 and 900.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-1273",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "satcom sailor 800",
"scope": "eq",
"trust": 1.0,
"vendor": "cobham",
"version": null
},
{
"model": "satcom sailor 900",
"scope": "eq",
"trust": 1.0,
"vendor": "cobham",
"version": null
},
{
"model": "sailor 800",
"scope": null,
"trust": 0.8,
"vendor": "cobham plc",
"version": null
},
{
"model": "sailor 900",
"scope": null,
"trust": 0.8,
"vendor": "cobham plc",
"version": null
},
{
"model": "satcom sailor",
"scope": "eq",
"trust": 0.6,
"vendor": "cobham",
"version": "800"
},
{
"model": "satcom sailor",
"scope": "eq",
"trust": 0.6,
"vendor": "cobham",
"version": "900"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-07545"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014749"
},
{
"db": "NVD",
"id": "CVE-2018-19393"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cobham:satcom_sailor_800_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cobham:satcom_sailor_800:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cobham:satcom_sailor_900_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cobham:satcom_sailor_900:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-19393"
}
]
},
"cve": "CVE-2018-19393",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-19393",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-07545",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-130048",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-19393",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-19393",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-07545",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201903-589",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-130048",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-07545"
},
{
"db": "VULHUB",
"id": "VHN-130048"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014749"
},
{
"db": "NVD",
"id": "CVE-2018-19393"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-589"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cobham Satcom Sailor 800 and 900 devices contained a vulnerability that allowed for arbitrary writing of content to the system\u0027s configuration file. This was exploitable via multiple attack vectors depending on the device\u0027s configuration. Further analysis also indicated this vulnerability could be leveraged to achieve a Denial of Service (DoS) condition, where the device would require a factory reset to return to normal operation. Cobham Satcom Sailor 800 and 900 devices contain an access control vulnerability that may result in a denial-of-service (DoS) condition. The Cobham Satcom Sailor 800 and Cobham Satcom Sailor 900 are shipborne maritime satellite broadband terminals from Cobham, UK. An access control error vulnerability exists in the Cobham Satcom Sailor 800 and 900.",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-19393"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014749"
},
{
"db": "CNVD",
"id": "CNVD-2019-07545"
},
{
"db": "VULHUB",
"id": "VHN-130048"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-19393",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014749",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201903-589",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-07545",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-130048",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-07545"
},
{
"db": "VULHUB",
"id": "VHN-130048"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014749"
},
{
"db": "NVD",
"id": "CVE-2018-19393"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-589"
}
]
},
"id": "VAR-201903-1273",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-07545"
},
{
"db": "VULHUB",
"id": "VHN-130048"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-07545"
}
]
},
"last_update_date": "2023-12-18T14:00:59.661000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.cobham.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014749"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-732",
"trust": 1.1
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-130048"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014749"
},
{
"db": "NVD",
"id": "CVE-2018-19393"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://gist.github.com/cyberskr/1ade6d887039465d635e27fcbcc817a3"
},
{
"trust": 1.7,
"url": "https://cyberskr.com/blog/cobham-satcom-800-900.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19393"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19393"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-07545"
},
{
"db": "VULHUB",
"id": "VHN-130048"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014749"
},
{
"db": "NVD",
"id": "CVE-2018-19393"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-589"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-07545"
},
{
"db": "VULHUB",
"id": "VHN-130048"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014749"
},
{
"db": "NVD",
"id": "CVE-2018-19393"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-589"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-07545"
},
{
"date": "2019-03-15T00:00:00",
"db": "VULHUB",
"id": "VHN-130048"
},
{
"date": "2019-04-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014749"
},
{
"date": "2019-03-15T16:29:00.403000",
"db": "NVD",
"id": "CVE-2018-19393"
},
{
"date": "2019-03-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-589"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-07545"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-130048"
},
{
"date": "2019-04-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014749"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2018-19393"
},
{
"date": "2019-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-589"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-589"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cobham Satcom Sailor 800 and 900 Device access control vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014749"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-589"
}
],
"trust": 0.6
}
}
VAR-201408-0277
Vulnerability from variot - Updated: 2023-12-18 13:57
Cobham Sailor 900 and 6000 satellite terminals with firmware 1.08 MFHF and 2.11 VHF have hardcoded credentials for the administrator account, which allows attackers to obtain administrative control by leveraging physical access or terminal access. Cobham Sailor 900 and 6000 series satellite terminals contain hardcoded credentials. CWE-798: Use of Hard-coded Credentials https://cwe.mitre.org/data/definitions/798.html A remote attacker could control the device. An attacker could exploit the vulnerability to bypass the authentication mechanism and gain access to the affected device. Cobham Sailor firmware version 1.08 MFHF / 2.11 VHF is vulnerable; other versions are also affected.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201408-0277",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sailor 900",
"scope": "eq",
"trust": 1.6,
"vendor": "cobham",
"version": "2.11_vhf"
},
{
"model": "sailor 900",
"scope": "eq",
"trust": 1.6,
"vendor": "cobham",
"version": "1.08_mfhf"
},
{
"model": "sailor 6000 series",
"scope": "eq",
"trust": 1.6,
"vendor": "cobham",
"version": "1.08_mfhf"
},
{
"model": "sailor 6000 series",
"scope": "eq",
"trust": 1.6,
"vendor": "cobham",
"version": "2.11_vhf"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cobham plc",
"version": null
},
{
"model": "sailor 6000 series",
"scope": "eq",
"trust": 0.8,
"vendor": "cobham plc",
"version": "1.08 mfhf"
},
{
"model": "sailor 6000 series",
"scope": "eq",
"trust": 0.8,
"vendor": "cobham plc",
"version": "2.11 vhf"
},
{
"model": "sailor 6006 message terminal",
"scope": null,
"trust": 0.8,
"vendor": "cobham plc",
"version": null
},
{
"model": "sailor 6110 mini-c gmdss",
"scope": null,
"trust": 0.8,
"vendor": "cobham plc",
"version": null
},
{
"model": "sailor 6222 vhf",
"scope": null,
"trust": 0.8,
"vendor": "cobham plc",
"version": null
},
{
"model": "sailor 6300 mf/hf",
"scope": null,
"trust": 0.8,
"vendor": "cobham plc",
"version": null
},
{
"model": "sailor 900 vsat",
"scope": null,
"trust": 0.8,
"vendor": "cobham plc",
"version": null
},
{
"model": "sailor 900",
"scope": "eq",
"trust": 0.8,
"vendor": "cobham plc",
"version": "1.08 mfhf"
},
{
"model": "sailor 900",
"scope": "eq",
"trust": 0.8,
"vendor": "cobham plc",
"version": "2.11 vhf"
},
{
"model": "sailor satellite terminals mfhf vhf",
"scope": "eq",
"trust": 0.6,
"vendor": "cobham",
"version": "1.08/2.11"
},
{
"model": "plc sailor series mfhf vhf",
"scope": "eq",
"trust": 0.3,
"vendor": "cobham",
"version": "9001.08/2.11"
},
{
"model": "plc sailor series mfhf vhf",
"scope": "eq",
"trust": 0.3,
"vendor": "cobham",
"version": "60001.08/2.11"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#460687"
},
{
"db": "CNVD",
"id": "CNVD-2014-04962"
},
{
"db": "BID",
"id": "69141"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003713"
},
{
"db": "NVD",
"id": "CVE-2014-2940"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-147"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cobham:sailor_900_firmware:2.11_vhf:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cobham:sailor_900_firmware:1.08_mfhf:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cobham:sailor_900_vsat:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cobham:sailor_6000_series_firmware:1.08_mfhf:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cobham:sailor_6000_series_firmware:2.11_vhf:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cobham:sailor_6006_message_terminal:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cobham:sailor_6222_vhf:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cobham:sailor_6300_mf_\\/_hf:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cobham:ailor_6110_mini-c_gmdss:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2940"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ruben Santamarta",
"sources": [
{
"db": "BID",
"id": "69141"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-147"
}
],
"trust": 0.9
},
"cve": "CVE-2014-2940",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 10.0,
"collateralDamagePotential": "NONE",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 2.0,
"exploitability": "PROOF-OF-CONCEPT",
"exploitabilityScore": 10.0,
"id": "CVE-2014-2940",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "NOT DEFINED",
"reportConfidence": "UNCOFIRMED",
"severity": "HIGH",
"targetDistribution": "LOW",
"trust": 0.8,
"userInterationRequired": null,
"vector_string": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2014-003713",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-04962",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-70879",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-2940",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2014-003713",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2014-04962",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201408-147",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-70879",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#460687"
},
{
"db": "CNVD",
"id": "CNVD-2014-04962"
},
{
"db": "VULHUB",
"id": "VHN-70879"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003713"
},
{
"db": "NVD",
"id": "CVE-2014-2940"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-147"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cobham Sailor 900 and 6000 satellite terminals with firmware 1.08 MFHF and 2.11 VHF have hardcoded credentials for the administrator account, which allows attackers to obtain administrative control by leveraging physical access or terminal access. Cobham Sailor 900 and 6000 series satellite terminals contain hardcoded credentials. CWE-798: Use of Hard-coded Credentials https://cwe.mitre.org/data/definitions/798.html A remote attacker could control the device. An attacker could exploit the vulnerability to bypass the authentication mechanism and gain access to the affected device. \nCobham Sailor firmware version 1.08 MFHF / 2.11 VHF is vulnerable; other versions are also affected.",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2940"
},
{
"db": "CERT/CC",
"id": "VU#460687"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003713"
},
{
"db": "CNVD",
"id": "CNVD-2014-04962"
},
{
"db": "BID",
"id": "69141"
},
{
"db": "VULHUB",
"id": "VHN-70879"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-2940",
"trust": 4.2
},
{
"db": "CERT/CC",
"id": "VU#460687",
"trust": 3.6
},
{
"db": "BID",
"id": "69141",
"trust": 1.6
},
{
"db": "JVN",
"id": "JVNVU95202843",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003713",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201408-147",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-04962",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-70879",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#460687"
},
{
"db": "CNVD",
"id": "CNVD-2014-04962"
},
{
"db": "VULHUB",
"id": "VHN-70879"
},
{
"db": "BID",
"id": "69141"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003713"
},
{
"db": "NVD",
"id": "CVE-2014-2940"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-147"
}
]
},
"id": "VAR-201408-0277",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04962"
},
{
"db": "VULHUB",
"id": "VHN-70879"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04962"
}
]
},
"last_update_date": "2023-12-18T13:57:43.083000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Aerospace and Security, SATCOM, Inmarsat FleetBroadband:",
"trust": 0.8,
"url": "http://www.cobham.com/about-cobham/aerospace-and-security/about-us/satcom/satellite-communication-at-sea/products-and-services/inmarsat-fleetbroadband.aspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003713"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003713"
},
{
"db": "NVD",
"id": "CVE-2014-2940"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/460687"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/69141"
},
{
"trust": 1.1,
"url": "http://www.cobham.com/about-cobham/aerospace-and-security/about-us/satcom/satellite-communication-at-sea/products-and-services/inmarsat-fleetbroadband.aspx"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2940"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu95202843/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2940"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#460687"
},
{
"db": "CNVD",
"id": "CNVD-2014-04962"
},
{
"db": "VULHUB",
"id": "VHN-70879"
},
{
"db": "BID",
"id": "69141"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003713"
},
{
"db": "NVD",
"id": "CVE-2014-2940"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-147"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#460687"
},
{
"db": "CNVD",
"id": "CNVD-2014-04962"
},
{
"db": "VULHUB",
"id": "VHN-70879"
},
{
"db": "BID",
"id": "69141"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003713"
},
{
"db": "NVD",
"id": "CVE-2014-2940"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-147"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-08-07T00:00:00",
"db": "CERT/CC",
"id": "VU#460687"
},
{
"date": "2014-08-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04962"
},
{
"date": "2014-08-15T00:00:00",
"db": "VULHUB",
"id": "VHN-70879"
},
{
"date": "2014-08-07T00:00:00",
"db": "BID",
"id": "69141"
},
{
"date": "2014-08-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003713"
},
{
"date": "2014-08-15T11:15:42.950000",
"db": "NVD",
"id": "CVE-2014-2940"
},
{
"date": "2014-08-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201408-147"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-08-14T00:00:00",
"db": "CERT/CC",
"id": "VU#460687"
},
{
"date": "2014-08-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04962"
},
{
"date": "2014-08-15T00:00:00",
"db": "VULHUB",
"id": "VHN-70879"
},
{
"date": "2014-08-07T00:00:00",
"db": "BID",
"id": "69141"
},
{
"date": "2014-08-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003713"
},
{
"date": "2014-08-15T17:21:16.587000",
"db": "NVD",
"id": "CVE-2014-2940"
},
{
"date": "2014-09-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201408-147"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201408-147"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cobham Sailor Satellite Terminals Security Bypass Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04962"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-147"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201408-147"
}
],
"trust": 0.6
}
}
VAR-201408-0147
Vulnerability from variot - Updated: 2023-12-18 13:48 The thraneLINK protocol implementation on Cobham devices does not verify firmware signatures, which allows attackers to execute arbitrary code by leveraging physical access or terminal access to send an SNMP request and a TFTP response. There is a vulnerability in the firmware update function of Cobham thraneLINK devices. The Cobham thraneLINK protocol does not verify the digital signature of firmware updates (CWE-347). In addition, thraneLINK devices connected to the network can be enumerated via the SLPFindSrvs protocol. As a result, a crafted SNMP request may cause a device to download an unauthorized firmware update from a TFTP server prepared by a third party. CWE-347: Improper Verification of Cryptographic Signature http://cwe.mitre.org/data/definitions/347.html A remote third party may deploy a malicious firmware image on a thraneLINK device and execute arbitrary code. Cobham thraneLINK is a communication protocol used by the Cobham Company in the United Kingdom for satellite communication systems. It supports SAILOR devices in connected networks and provides remote diagnostics. Cobham thraneLINK has a remote code execution vulnerability. Failed exploit attempts will likely cause denial-of-service conditions
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201408-0147",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "cobham plc",
"version": null
},
{
"model": "sailor 6222 vhf",
"scope": "eq",
"trust": 1.6,
"vendor": "cobham",
"version": null
},
{
"model": "sailor 6006 message terminal",
"scope": "eq",
"trust": 1.6,
"vendor": "cobham",
"version": null
},
{
"model": "ailor 6110 mini-c gmdss",
"scope": "eq",
"trust": 1.6,
"vendor": "cobham",
"version": null
},
{
"model": "sailor 6300 mf \\/ hf",
"scope": "eq",
"trust": 1.6,
"vendor": "cobham",
"version": null
},
{
"model": "sailor 6006 message terminal",
"scope": null,
"trust": 0.8,
"vendor": "cobham plc",
"version": null
},
{
"model": "sailor 6110 mini-c gmdss",
"scope": null,
"trust": 0.8,
"vendor": "cobham plc",
"version": null
},
{
"model": "sailor 6222 vhf",
"scope": null,
"trust": 0.8,
"vendor": "cobham plc",
"version": null
},
{
"model": "sailor 6300 mf/hf",
"scope": null,
"trust": 0.8,
"vendor": "cobham plc",
"version": null
},
{
"model": "thranelink",
"scope": null,
"trust": 0.6,
"vendor": "cobham",
"version": null
},
{
"model": "plc thranelink",
"scope": "eq",
"trust": 0.3,
"vendor": "cobham",
"version": "0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#179732"
},
{
"db": "CNVD",
"id": "CNVD-2014-04953"
},
{
"db": "BID",
"id": "69153"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003712"
},
{
"db": "NVD",
"id": "CVE-2014-0328"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-141"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cobham:sailor_6006_message_terminal:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cobham:sailor_6222_vhf:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cobham:sailor_6300_mf_\\/_hf:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cobham:ailor_6110_mini-c_gmdss:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0328"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ruben Santamarta",
"sources": [
{
"db": "BID",
"id": "69153"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-141"
}
],
"trust": 0.9
},
"cve": "CVE-2014-0328",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 9.3,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 5.1,
"exploitability": "UNPROVEN",
"exploitabilityScore": 8.6,
"id": "CVE-2014-0328",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "WORKAROUND",
"reportConfidence": "UNCOFIRMED",
"severity": "HIGH",
"targetDistribution": "MEDIUM",
"trust": 0.8,
"userInterationRequired": null,
"vector_string": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2014-003712",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-04953",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-0328",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2014-003712",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2014-04953",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201408-141",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#179732"
},
{
"db": "CNVD",
"id": "CNVD-2014-04953"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003712"
},
{
"db": "NVD",
"id": "CVE-2014-0328"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-141"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The thraneLINK protocol implementation on Cobham devices does not verify firmware signatures, which allows attackers to execute arbitrary code by leveraging physical access or terminal access to send an SNMP request and a TFTP response. There is a vulnerability in the firmware update function of Cobham thraneLINK devices. The Cobham thraneLINK protocol does not verify the digital signature of firmware updates (CWE-347). In addition, thraneLINK devices connected to the network can be enumerated via the SLPFindSrvs protocol. As a result, a crafted SNMP request may cause a device to download an unauthorized firmware update from a TFTP server prepared by a third party. CWE-347: Improper Verification of Cryptographic Signature http://cwe.mitre.org/data/definitions/347.html A remote third party may deploy a malicious firmware image on a thraneLINK device and execute arbitrary code. Cobham thraneLINK is a communication protocol used by the Cobham Company in the United Kingdom for satellite communication systems. It supports SAILOR devices in connected networks and provides remote diagnostics. Cobham thraneLINK has a remote code execution vulnerability. Failed exploit attempts will likely cause denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0328"
},
{
"db": "CERT/CC",
"id": "VU#179732"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003712"
},
{
"db": "CNVD",
"id": "CNVD-2014-04953"
},
{
"db": "BID",
"id": "69153"
}
],
"trust": 3.15
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-0328",
"trust": 4.1
},
{
"db": "CERT/CC",
"id": "VU#179732",
"trust": 3.5
},
{
"db": "BID",
"id": "69153",
"trust": 1.5
},
{
"db": "JVN",
"id": "JVNVU99941229",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003712",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2014-04953",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201408-141",
"trust": 0.6
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#179732"
},
{
"db": "CNVD",
"id": "CNVD-2014-04953"
},
{
"db": "BID",
"id": "69153"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003712"
},
{
"db": "NVD",
"id": "CVE-2014-0328"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-141"
}
]
},
"id": "VAR-201408-0147",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04953"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04953"
}
]
},
"last_update_date": "2023-12-18T13:48:58.073000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SAILOR 6000 Series",
"trust": 0.8,
"url": "http://thrane.sailor6000series.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003712"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003712"
},
{
"db": "NVD",
"id": "CVE-2014-0328"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://www.kb.cert.org/vuls/id/179732"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/69153"
},
{
"trust": 0.8,
"url": "http://thrane.sailor6000series.com/"
},
{
"trust": 0.8,
"url": "http://esupport.thrane.com/index.php?_m=downloads\u0026_a=downloadfile\u0026downloaditemid=2130"
},
{
"trust": 0.8,
"url": "http://www.cobham.com/media/960477/sailor_6000_series_brochure.pdf"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/347.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0328"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu99941229/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0328"
},
{
"trust": 0.3,
"url": "www.cobham.com"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#179732"
},
{
"db": "CNVD",
"id": "CNVD-2014-04953"
},
{
"db": "BID",
"id": "69153"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003712"
},
{
"db": "NVD",
"id": "CVE-2014-0328"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-141"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#179732"
},
{
"db": "CNVD",
"id": "CNVD-2014-04953"
},
{
"db": "BID",
"id": "69153"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003712"
},
{
"db": "NVD",
"id": "CVE-2014-0328"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-141"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-08-07T00:00:00",
"db": "CERT/CC",
"id": "VU#179732"
},
{
"date": "2014-08-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04953"
},
{
"date": "2014-08-07T00:00:00",
"db": "BID",
"id": "69153"
},
{
"date": "2014-08-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003712"
},
{
"date": "2014-08-15T11:15:42.903000",
"db": "NVD",
"id": "CVE-2014-0328"
},
{
"date": "2014-08-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201408-141"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-08-14T00:00:00",
"db": "CERT/CC",
"id": "VU#179732"
},
{
"date": "2014-08-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04953"
},
{
"date": "2014-08-07T00:00:00",
"db": "BID",
"id": "69153"
},
{
"date": "2014-08-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003712"
},
{
"date": "2014-08-15T16:58:29.930000",
"db": "NVD",
"id": "CVE-2014-0328"
},
{
"date": "2014-08-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201408-141"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201408-141"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cobham thraneLINK improper verification of firmware updates vulnerability",
"sources": [
{
"db": "CERT/CC",
"id": "VU#179732"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201408-141"
}
],
"trust": 0.6
}
}
VAR-201801-1651
Vulnerability from variot - Updated: 2023-12-18 13:38 Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information via a /cgi-bin/getSysStatus request, as demonstrated by the Latitude/Longitude of the ship, or satellite details. The Cobham Sea Tel 121 device contains an information disclosure vulnerability. Information may be obtained. Cobham Sea Tel is a wireless communication terminal product from Cobham, UK. An information disclosure vulnerability exists in the Cobham Sea Tel 121 build 222701 release
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201801-1651",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "seatel 121",
"scope": "eq",
"trust": 1.6,
"vendor": "cobham",
"version": null
},
{
"model": "sea tel 121",
"scope": "eq",
"trust": 0.8,
"vendor": "cobham plc",
"version": "build 222701"
},
{
"model": "sea tel build",
"scope": "eq",
"trust": 0.6,
"vendor": "cobham",
"version": "121222701"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03967"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001441"
},
{
"db": "NVD",
"id": "CVE-2018-5728"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-567"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cobham:seatel_121_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cobham:seatel_121:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-5728"
}
]
},
"cve": "CVE-2018-5728",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-5728",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-03967",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-135760",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-5728",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-5728",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-03967",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201801-567",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-135760",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03967"
},
{
"db": "VULHUB",
"id": "VHN-135760"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001441"
},
{
"db": "NVD",
"id": "CVE-2018-5728"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-567"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information via a /cgi-bin/getSysStatus request, as demonstrated by the Latitude/Longitude of the ship, or satellite details. The Cobham Sea Tel 121 device contains an information disclosure vulnerability. Information may be obtained. Cobham Sea Tel is a wireless communication terminal product from Cobham, UK. An information disclosure vulnerability exists in the Cobham Sea Tel 121 build 222701 release",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-5728"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001441"
},
{
"db": "CNVD",
"id": "CNVD-2018-03967"
},
{
"db": "VULHUB",
"id": "VHN-135760"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-5728",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001441",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201801-567",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-03967",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-135760",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03967"
},
{
"db": "VULHUB",
"id": "VHN-135760"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001441"
},
{
"db": "NVD",
"id": "CVE-2018-5728"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-567"
}
]
},
"id": "VAR-201801-1651",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03967"
},
{
"db": "VULHUB",
"id": "VHN-135760"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03967"
}
]
},
"last_update_date": "2023-12-18T13:38:44.742000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.cobham.com/"
},
{
"title": "Patch for CobhamSeaTel Information Disclosure Vulnerability (CNVD-2018-03967)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/119463"
},
{
"title": "Cobham Sea Tel Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=77765"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03967"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001441"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-567"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-135760"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001441"
},
{
"db": "NVD",
"id": "CVE-2018-5728"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://misteralfa-hack.blogspot.cl/2018/01/seatelcobham-donde-esta-mi-barco.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5728"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5728"
},
{
"trust": 0.8,
"url": "http://misteralfa-hack.blogspot.jp/2018/01/seatelcobham-donde-esta-mi-barco.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03967"
},
{
"db": "VULHUB",
"id": "VHN-135760"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001441"
},
{
"db": "NVD",
"id": "CVE-2018-5728"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-567"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-03967"
},
{
"db": "VULHUB",
"id": "VHN-135760"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001441"
},
{
"db": "NVD",
"id": "CVE-2018-5728"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-567"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-03967"
},
{
"date": "2018-01-16T00:00:00",
"db": "VULHUB",
"id": "VHN-135760"
},
{
"date": "2018-02-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-001441"
},
{
"date": "2018-01-16T23:29:00.207000",
"db": "NVD",
"id": "CVE-2018-5728"
},
{
"date": "2018-01-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-567"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-03967"
},
{
"date": "2018-02-02T00:00:00",
"db": "VULHUB",
"id": "VHN-135760"
},
{
"date": "2018-02-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-001441"
},
{
"date": "2018-02-02T15:23:20.187000",
"db": "NVD",
"id": "CVE-2018-5728"
},
{
"date": "2018-01-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-567"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-567"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cobham Sea Tel 121 Information disclosure vulnerability in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001441"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-567"
}
],
"trust": 0.6
}
}
VAR-201408-0034
Vulnerability from variot - Updated: 2023-12-18 13:34
Cobham SAILOR 900 VSAT; SAILOR FleetBroadBand 150, 250, and 500; EXPLORER BGAN; and AVIATOR 200, 300, 350, and 700D devices do not properly restrict password recovery, which allows attackers to obtain administrative privileges by leveraging physical access or terminal access to spoof a reset code. The web interfaces of multiple Cobham products contain a vulnerable password recovery mechanism. These web interfaces have a password reset mechanism. This mechanism is easy to analyze, and the administrator account password can be altered (CWE-640). CWE-640: Weak Password Recovery Mechanism for Forgotten Password http://cwe.mitre.org/data/definitions/640.html A remote attacker who accesses the web interface may reset the administrator password and operate the product. Cobham SATCOM is a satellite communications company. Multiple Cobham products are prone to an information-disclosure vulnerability. An attacker can leverage this issue to obtain sensitive information that may lead to further attacks. Note that the aggregated descriptions differ on the access required: the first sentence states physical or terminal access, while a later one describes a remote attacker who reaches the web interface, and the CVSS v2 vectors in the record are AV:N/AC:L/Au:N, so network exposure of the web interface should be treated as in scope when assessing affected terminals.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201408-0034",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sailor fleetbroadband 250",
"scope": "eq",
"trust": 1.6,
"vendor": "cobham",
"version": null
},
{
"model": "sailor fleetbroadband 500",
"scope": "eq",
"trust": 1.6,
"vendor": "cobham",
"version": null
},
{
"model": "sailor fleetbroadband 150",
"scope": "eq",
"trust": 1.6,
"vendor": "cobham",
"version": null
},
{
"model": "aviator 200",
"scope": "eq",
"trust": 1.6,
"vendor": "cobham",
"version": null
},
{
"model": "explorer bgan",
"scope": "eq",
"trust": 1.6,
"vendor": "cobham",
"version": null
},
{
"model": "sailor 900 vsat",
"scope": "eq",
"trust": 1.6,
"vendor": "cobham",
"version": null
},
{
"model": "aviator 350",
"scope": "eq",
"trust": 1.6,
"vendor": "cobham",
"version": null
},
{
"model": "aviator 300",
"scope": "eq",
"trust": 1.6,
"vendor": "cobham",
"version": null
},
{
"model": "aviator 700d",
"scope": "eq",
"trust": 1.6,
"vendor": "cobham",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cobham plc",
"version": null
},
{
"model": "aviator 200",
"scope": null,
"trust": 0.8,
"vendor": "cobham plc",
"version": null
},
{
"model": "aviator 300",
"scope": null,
"trust": 0.8,
"vendor": "cobham plc",
"version": null
},
{
"model": "aviator 350",
"scope": null,
"trust": 0.8,
"vendor": "cobham plc",
"version": null
},
{
"model": "aviator 700d",
"scope": null,
"trust": 0.8,
"vendor": "cobham plc",
"version": null
},
{
"model": "explorer bgan",
"scope": null,
"trust": 0.8,
"vendor": "cobham plc",
"version": null
},
{
"model": "sailor 150 fleetbroadband",
"scope": null,
"trust": 0.8,
"vendor": "cobham plc",
"version": null
},
{
"model": "sailor 250 fleetbroadband",
"scope": null,
"trust": 0.8,
"vendor": "cobham plc",
"version": null
},
{
"model": "sailor 500 fleetbroadband",
"scope": null,
"trust": 0.8,
"vendor": "cobham plc",
"version": null
},
{
"model": "sailor 900 vsat",
"scope": null,
"trust": 0.8,
"vendor": "cobham plc",
"version": null
},
{
"model": "satcom",
"scope": null,
"trust": 0.6,
"vendor": "cobham",
"version": null
},
{
"model": "plc sailor fleetbroadband",
"scope": "eq",
"trust": 0.3,
"vendor": "cobham",
"version": "5000"
},
{
"model": "plc sailor fleetbroadband",
"scope": "eq",
"trust": 0.3,
"vendor": "cobham",
"version": "2500"
},
{
"model": "plc sailor fleetbroadband",
"scope": "eq",
"trust": 0.3,
"vendor": "cobham",
"version": "1500"
},
{
"model": "plc sailor vsat",
"scope": "eq",
"trust": 0.3,
"vendor": "cobham",
"version": "9000"
},
{
"model": "plc explorer bgan",
"scope": "eq",
"trust": 0.3,
"vendor": "cobham",
"version": "0"
},
{
"model": "plc aviator",
"scope": "eq",
"trust": 0.3,
"vendor": "cobham",
"version": "3500"
},
{
"model": "plc aviator",
"scope": "eq",
"trust": 0.3,
"vendor": "cobham",
"version": "3000"
},
{
"model": "plc aviator",
"scope": "eq",
"trust": 0.3,
"vendor": "cobham",
"version": "2000"
},
{
"model": "plc aviator 700d",
"scope": null,
"trust": 0.3,
"vendor": "cobham",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#602006"
},
{
"db": "CNVD",
"id": "CNVD-2014-05036"
},
{
"db": "BID",
"id": "69148"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003711"
},
{
"db": "NVD",
"id": "CVE-2013-7180"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-146"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cobham:sailor_900_vsat:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cobham:aviator_350:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cobham:sailor_fleetbroadband_250:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cobham:sailor_fleetbroadband_500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cobham:explorer_bgan:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cobham:aviator_200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cobham:aviator_300:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cobham:sailor_fleetbroadband_150:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cobham:aviator_700d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-7180"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ruben Santamarta",
"sources": [
{
"db": "BID",
"id": "69148"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-146"
}
],
"trust": 0.9
},
"cve": "CVE-2013-7180",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 7.8,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 4.7,
"exploitability": "FUNCTIONAL",
"exploitabilityScore": 10.0,
"id": "CVE-2013-7180",
"impactScore": 6.9,
"integrityImpact": "NONE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "WORKAROUND",
"reportConfidence": "UNCOFIRMED",
"severity": "HIGH",
"targetDistribution": "MEDIUM",
"trust": 0.8,
"userInterationRequired": null,
"vector_string": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 7.8,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2014-003711",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-05036",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-7180",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2014-003711",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2014-05036",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201408-146",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#602006"
},
{
"db": "CNVD",
"id": "CNVD-2014-05036"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003711"
},
{
"db": "NVD",
"id": "CVE-2013-7180"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-146"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cobham SAILOR 900 VSAT; SAILOR FleetBroadBand 150, 250, and 500; EXPLORER BGAN; and AVIATOR 200, 300, 350, and 700D devices do not properly restrict password recovery, which allows attackers to obtain administrative privileges by leveraging physical access or terminal access to spoof a reset code. The web interfaces of multiple Cobham products contain a vulnerable password recovery mechanism. These web interfaces have a password reset mechanism. This mechanism is easy to analyze, and the administrator account password can be altered (CWE-640). CWE-640: Weak Password Recovery Mechanism for Forgotten Password http://cwe.mitre.org/data/definitions/640.html A remote attacker who accesses the web interface may reset the administrator password and operate the product. Cobham SATCOM is a satellite communications company. Multiple Cobham products are prone to an information-disclosure vulnerability. \nAn attacker can leverage this issue to obtain sensitive information that may lead to further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-7180"
},
{
"db": "CERT/CC",
"id": "VU#602006"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003711"
},
{
"db": "CNVD",
"id": "CNVD-2014-05036"
},
{
"db": "BID",
"id": "69148"
}
],
"trust": 3.15
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-7180",
"trust": 4.1
},
{
"db": "CERT/CC",
"id": "VU#602006",
"trust": 4.1
},
{
"db": "BID",
"id": "69148",
"trust": 1.5
},
{
"db": "JVN",
"id": "JVNVU93326351",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003711",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2014-05036",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201408-146",
"trust": 0.6
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#602006"
},
{
"db": "CNVD",
"id": "CNVD-2014-05036"
},
{
"db": "BID",
"id": "69148"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003711"
},
{
"db": "NVD",
"id": "CVE-2013-7180"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-146"
}
]
},
"id": "VAR-201408-0034",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05036"
}
],
"trust": 1.3208333300000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05036"
}
]
},
"last_update_date": "2023-12-18T13:34:37.123000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Aerospace and Security, SATCOM",
"trust": 0.8,
"url": "http://www.cobham.com/about-cobham/aerospace-and-security/about-us/satcom/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003711"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003711"
},
{
"db": "NVD",
"id": "CVE-2013-7180"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://www.kb.cert.org/vuls/id/602006"
},
{
"trust": 0.8,
"url": "http://www.cobham.com/about-cobham/aerospace-and-security/about-us/satcom/land-mobile-satcom-systems/products-and-services.aspx"
},
{
"trust": 0.8,
"url": "http://www.cobham.com/about-cobham/aerospace-and-security/about-us/satcom/satellite-communication-at-sea/products-and-services/inmarsat-fleetbroadband.aspx"
},
{
"trust": 0.8,
"url": "http://www.cobham.com/about-cobham/aerospace-and-security/about-us/satcom/land-mobile-satcom-systems/products-and-services/on-the-move-bgan.aspx"
},
{
"trust": 0.8,
"url": "http://www.cobham.com/about-cobham/aerospace-and-security/about-us/satcom/land-mobile-satcom-systems/products-and-services/ultra-portable-bgan.aspx"
},
{
"trust": 0.8,
"url": "http://www.cobham.com/about-cobham/aerospace-and-security/about-us/satcom/cockpit-and-cabin-communication/products-and-services/swiftbroadband-systems.aspx"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/640.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7180"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu93326351/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7180"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/69148"
},
{
"trust": 0.3,
"url": "www.cobham.com"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#602006"
},
{
"db": "CNVD",
"id": "CNVD-2014-05036"
},
{
"db": "BID",
"id": "69148"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003711"
},
{
"db": "NVD",
"id": "CVE-2013-7180"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-146"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#602006"
},
{
"db": "CNVD",
"id": "CNVD-2014-05036"
},
{
"db": "BID",
"id": "69148"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003711"
},
{
"db": "NVD",
"id": "CVE-2013-7180"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-146"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-08-07T00:00:00",
"db": "CERT/CC",
"id": "VU#602006"
},
{
"date": "2014-08-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-05036"
},
{
"date": "2014-08-07T00:00:00",
"db": "BID",
"id": "69148"
},
{
"date": "2014-08-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003711"
},
{
"date": "2014-08-15T11:15:42.827000",
"db": "NVD",
"id": "CVE-2013-7180"
},
{
"date": "2014-08-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201408-146"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-08-07T00:00:00",
"db": "CERT/CC",
"id": "VU#602006"
},
{
"date": "2014-08-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-05036"
},
{
"date": "2014-08-07T00:00:00",
"db": "BID",
"id": "69148"
},
{
"date": "2014-08-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003711"
},
{
"date": "2014-08-15T17:02:35.697000",
"db": "NVD",
"id": "CVE-2013-7180"
},
{
"date": "2014-08-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201408-146"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201408-146"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cobham SATCOM products\u0027 web interface contains a weak password recovery vulnerability",
"sources": [
{
"db": "CERT/CC",
"id": "VU#602006"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201408-146"
}
],
"trust": 0.6
}
}
VAR-201903-1336
Vulnerability from variot - Updated: 2023-12-18 13:18
Cobham Satcom Sailor 250 and 500 devices before 1.25 contained persistent XSS, which could be exploited by an unauthenticated threat actor via the /index.lua?pageID=Phone%20book name field. Cobham Satcom Sailor 250 and 500 devices contain a cross-site scripting vulnerability. Information may be obtained and information may be altered. Cobham Satcom Sailor 250 and Cobham Satcom Sailor 500 are both shipborne maritime satellite broadband terminal equipment from Cobham, UK. A cross-site scripting vulnerability exists in Cobham Satcom Sailor 250 and 500 with firmware versions prior to 1.25. A remote attacker can exploit this vulnerability to inject executable JavaScript code through the name field.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-1336",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "satcom sailor 500",
"scope": "lt",
"trust": 1.0,
"vendor": "cobham",
"version": "1.25"
},
{
"model": "satcom sailor 250",
"scope": "lt",
"trust": 1.0,
"vendor": "cobham",
"version": "1.25"
},
{
"model": "sailor 250",
"scope": "lt",
"trust": 0.8,
"vendor": "cobham plc",
"version": "1.25"
},
{
"model": "sailor 500",
"scope": "lt",
"trust": 0.8,
"vendor": "cobham plc",
"version": "1.25"
},
{
"model": "satcom sailor",
"scope": "eq",
"trust": 0.6,
"vendor": "cobham",
"version": "250"
},
{
"model": "satcom sailor",
"scope": "eq",
"trust": 0.6,
"vendor": "cobham",
"version": "500"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-07561"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014747"
},
{
"db": "NVD",
"id": "CVE-2018-19391"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cobham:satcom_sailor_250_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cobham:satcom_sailor_250:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cobham:satcom_sailor_500_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cobham:satcom_sailor_500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-19391"
}
]
},
"cve": "CVE-2018-19391",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-19391",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2019-07561",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-19391",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-19391",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-07561",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201903-585",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-19391",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-07561"
},
{
"db": "VULMON",
"id": "CVE-2018-19391"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014747"
},
{
"db": "NVD",
"id": "CVE-2018-19391"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-585"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cobham Satcom Sailor 250 and 500 devices before 1.25 contained persistent XSS, which could be exploited by an unauthenticated threat actor via the /index.lua?pageID=Phone%20book name field. Cobham Satcom Sailor 250 and 500 The device contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. CobhamSatcomSailor250 and CobhamSatcomSailor500 are both shipborne maritime satellite broadband terminal equipment from Cobham, UK. A cross-site scripting vulnerability exists in CobhamSatcomSailor250 and 500 with firmware versions prior to 1.25. A remote attacker can exploit this vulnerability to inject executable JavaScript code with the help of the name field",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-19391"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014747"
},
{
"db": "CNVD",
"id": "CNVD-2019-07561"
},
{
"db": "VULMON",
"id": "CVE-2018-19391"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-19391",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014747",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-07561",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201903-585",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2018-19391",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-07561"
},
{
"db": "VULMON",
"id": "CVE-2018-19391"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014747"
},
{
"db": "NVD",
"id": "CVE-2018-19391"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-585"
}
]
},
"id": "VAR-201903-1336",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-07561"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-07561"
}
]
},
"last_update_date": "2023-12-18T13:18:48.672000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.cobham.com/"
},
{
"title": "Patch for CobhamSatcomSailor250 and 500 Cross-Site Scripting Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/156711"
},
{
"title": "Cobham Satcom Sailor 250 and 500 Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=90165"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-07561"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014747"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-585"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014747"
},
{
"db": "NVD",
"id": "CVE-2018-19391"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://gist.github.com/cyberskr/f6fc93702b9b9b73afa07877d1479fe0"
},
{
"trust": 1.7,
"url": "https://cyberskr.com/blog/cobham-satcom-250-500.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19391"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19391"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-07561"
},
{
"db": "VULMON",
"id": "CVE-2018-19391"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014747"
},
{
"db": "NVD",
"id": "CVE-2018-19391"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-585"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-07561"
},
{
"db": "VULMON",
"id": "CVE-2018-19391"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014747"
},
{
"db": "NVD",
"id": "CVE-2018-19391"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-585"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-07561"
},
{
"date": "2019-03-15T00:00:00",
"db": "VULMON",
"id": "CVE-2018-19391"
},
{
"date": "2019-04-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014747"
},
{
"date": "2019-03-15T16:29:00.263000",
"db": "NVD",
"id": "CVE-2018-19391"
},
{
"date": "2019-03-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-585"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-07561"
},
{
"date": "2019-03-15T00:00:00",
"db": "VULMON",
"id": "CVE-2018-19391"
},
{
"date": "2019-04-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014747"
},
{
"date": "2019-03-15T17:40:41.040000",
"db": "NVD",
"id": "CVE-2018-19391"
},
{
"date": "2019-03-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-585"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-585"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cobham Satcom Sailor 250 and 500 Device cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014747"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-585"
}
],
"trust": 0.6
}
}
VAR-201903-1274
Vulnerability from variot - Updated: 2023-12-18 12:50
Cobham Satcom Sailor 800 and 900 devices contained persistent XSS, which required administrative access to exploit. The vulnerability was exploitable by acquiring a copy of the device's configuration file, inserting an XSS payload into a relevant field (e.g., Satellite name), and then restoring the malicious configuration file. The Cobham Satcom Sailor 800 and Sailor 900 are both shipborne maritime satellite broadband terminals from Cobham, UK. A cross-site scripting vulnerability exists in the Cobham Satcom Sailor 800 and 900. A remote attacker with administrative access can exploit this vulnerability to inject arbitrary web scripts or HTML.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-1274",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "satcom sailor 800",
"scope": "eq",
"trust": 1.0,
"vendor": "cobham",
"version": null
},
{
"model": "satcom sailor 900",
"scope": "eq",
"trust": 1.0,
"vendor": "cobham",
"version": null
},
{
"model": "sailor 800",
"scope": null,
"trust": 0.8,
"vendor": "cobham plc",
"version": null
},
{
"model": "sailor 900",
"scope": null,
"trust": 0.8,
"vendor": "cobham plc",
"version": null
},
{
"model": "satcom sailor",
"scope": "eq",
"trust": 0.6,
"vendor": "cobham",
"version": "800"
},
{
"model": "satcom sailor",
"scope": "eq",
"trust": 0.6,
"vendor": "cobham",
"version": "900"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-07547"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014750"
},
{
"db": "NVD",
"id": "CVE-2018-19394"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cobham:satcom_sailor_800_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cobham:satcom_sailor_800:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cobham:satcom_sailor_900_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cobham:satcom_sailor_900:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-19394"
}
]
},
"cve": "CVE-2018-19394",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-19394",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CNVD-2019-07547",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-130049",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.8,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-19394",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-19394",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-07547",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201903-592",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-130049",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-07547"
},
{
"db": "VULHUB",
"id": "VHN-130049"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014750"
},
{
"db": "NVD",
"id": "CVE-2018-19394"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-592"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cobham Satcom Sailor 800 and 900 devices contained persistent XSS, which required administrative access to exploit. The vulnerability was exploitable by acquiring a copy of the device\u0027s configuration file, inserting an XSS payload into a relevant field (e.g., Satellite name), and then restoring the malicious configuration file. CobhamSatcomSailor800 and CobhamSatcomSailor900 are both a shipborne maritime satellite broadband terminal equipment from Cobham, UK. A cross-site scripting vulnerability exists in CobhamSatcomSailor800 and 900. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-19394"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014750"
},
{
"db": "CNVD",
"id": "CNVD-2019-07547"
},
{
"db": "VULHUB",
"id": "VHN-130049"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-19394",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014750",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201903-592",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-07547",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-130049",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-07547"
},
{
"db": "VULHUB",
"id": "VHN-130049"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014750"
},
{
"db": "NVD",
"id": "CVE-2018-19394"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-592"
}
]
},
"id": "VAR-201903-1274",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-07547"
},
{
"db": "VULHUB",
"id": "VHN-130049"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-07547"
}
]
},
"last_update_date": "2023-12-18T12:50:24.151000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.cobham.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014750"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-130049"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014750"
},
{
"db": "NVD",
"id": "CVE-2018-19394"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://gist.github.com/cyberskr/fe21b920c8933867ea262a325d37f03b"
},
{
"trust": 1.7,
"url": "https://cyberskr.com/blog/cobham-satcom-800-900.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19394"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19394"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-07547"
},
{
"db": "VULHUB",
"id": "VHN-130049"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014750"
},
{
"db": "NVD",
"id": "CVE-2018-19394"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-592"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-07547"
},
{
"db": "VULHUB",
"id": "VHN-130049"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014750"
},
{
"db": "NVD",
"id": "CVE-2018-19394"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-592"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-07547"
},
{
"date": "2019-03-15T00:00:00",
"db": "VULHUB",
"id": "VHN-130049"
},
{
"date": "2019-04-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014750"
},
{
"date": "2019-03-15T16:29:00.467000",
"db": "NVD",
"id": "CVE-2018-19394"
},
{
"date": "2019-03-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-592"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-07547"
},
{
"date": "2019-03-15T00:00:00",
"db": "VULHUB",
"id": "VHN-130049"
},
{
"date": "2019-04-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014750"
},
{
"date": "2019-03-15T17:34:18.283000",
"db": "NVD",
"id": "CVE-2018-19394"
},
{
"date": "2019-03-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-592"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-592"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cobham Satcom Sailor 800 and 900 Device cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014750"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-592"
}
],
"trust": 0.6
}
}
VAR-201903-1337
Vulnerability from variot - Updated: 2023-12-18 12:50
Cobham Satcom Sailor 250 and 500 devices before 1.25 contained an unauthenticated password reset vulnerability. This could allow modification of any user account's password (including the default "admin" account), without prior knowledge of their password. All that is required is knowledge of the username and attack vector (/index.lua?pageID=Administration usernameAdmChange, passwordAdmChange1, and passwordAdmChange2 fields). Cobham Satcom Sailor 250 and 500 devices contain vulnerabilities related to certificate and password management. Information may be obtained or altered, and the device may be put into a denial-of-service (DoS) state. The Cobham Satcom Sailor 250 and Sailor 500 are both shipborne maritime satellite broadband terminals from Cobham, UK. Security holes exist in the Cobham Satcom Sailor 250 and 500 with firmware versions prior to 1.25. Note that the scores aggregated for this entry disagree: NVD's CVSS v3 vector is 9.8 (critical; network, no privileges or user interaction), whereas CNVD's CVSS v2 vector is 2.1 (low; local access), so check the vector, not only the severity label, when prioritising.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-1337",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "satcom sailor 500",
"scope": "lt",
"trust": 1.0,
"vendor": "cobham",
"version": "1.25"
},
{
"model": "satcom sailor 250",
"scope": "lt",
"trust": 1.0,
"vendor": "cobham",
"version": "1.25"
},
{
"model": "sailor 250",
"scope": "lt",
"trust": 0.8,
"vendor": "cobham plc",
"version": "1.25"
},
{
"model": "sailor 500",
"scope": "lt",
"trust": 0.8,
"vendor": "cobham plc",
"version": "1.25"
},
{
"model": "satcom sailor",
"scope": "eq",
"trust": 0.6,
"vendor": "cobham",
"version": "250"
},
{
"model": "satcom sailor",
"scope": "eq",
"trust": 0.6,
"vendor": "cobham",
"version": "500"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-07546"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014748"
},
{
"db": "NVD",
"id": "CVE-2018-19392"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cobham:satcom_sailor_250_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cobham:satcom_sailor_250:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cobham:satcom_sailor_500_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cobham:satcom_sailor_500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-19392"
}
]
},
"cve": "CVE-2018-19392",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-19392",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2019-07546",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-19392",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-19392",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2019-07546",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201903-591",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-07546"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014748"
},
{
"db": "NVD",
"id": "CVE-2018-19392"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-591"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cobham Satcom Sailor 250 and 500 devices before 1.25 contained an unauthenticated password reset vulnerability. This could allow modification of any user account\u0027s password (including the default \"admin\" account), without prior knowledge of their password. All that is required is knowledge of the username and attack vector (/index.lua?pageID=Administration usernameAdmChange, passwordAdmChange1, and passwordAdmChange2 fields). Cobham Satcom Sailor 250 and 500 The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. CobhamSatcomSailor250 and CobhamSatcomSailor500 are both shipborne maritime satellite broadband terminal equipment from Cobham, UK. There are security holes in CobhamSatcomSailor250 and 500 using firmware versions prior to 1.25",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-19392"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014748"
},
{
"db": "CNVD",
"id": "CNVD-2019-07546"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-19392",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014748",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-07546",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201903-591",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-07546"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014748"
},
{
"db": "NVD",
"id": "CVE-2018-19392"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-591"
}
]
},
"id": "VAR-201903-1337",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-07546"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-07546"
}
]
},
"last_update_date": "2023-12-18T12:50:24.114000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.cobham.com/"
},
{
"title": "Patch for CobhamSatcomSailor250 and 500 Trust Management Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/156699"
},
{
"title": "Cobham Satcom Sailor 250 and 500 Repair measures for trust management vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=90170"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-07546"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014748"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-591"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.0
},
{
"problemtype": "CWE-255",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014748"
},
{
"db": "NVD",
"id": "CVE-2018-19392"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://gist.github.com/cyberskr/2dfd5dccb20a209ec4d35b2678bac0d4"
},
{
"trust": 1.6,
"url": "https://cyberskr.com/blog/cobham-satcom-250-500.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19392"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19392"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-07546"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014748"
},
{
"db": "NVD",
"id": "CVE-2018-19392"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-591"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-07546"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014748"
},
{
"db": "NVD",
"id": "CVE-2018-19392"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-591"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-07546"
},
{
"date": "2019-04-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014748"
},
{
"date": "2019-03-15T16:29:00.327000",
"db": "NVD",
"id": "CVE-2018-19392"
},
{
"date": "2019-03-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-591"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-07546"
},
{
"date": "2019-04-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014748"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2018-19392"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-591"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-591"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cobham Satcom Sailor 250 and 500 Vulnerabilities related to certificate and password management in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014748"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-591"
}
],
"trust": 0.6
}
}
VAR-201801-1373
Vulnerability from variot - Updated: 2023-12-18 12:44
Persistent XSS exists in the web server on Cobham Sea Tel 116 build 222429 satellite communication system devices: remote attackers can inject malicious JavaScript code using the device's TELNET shell built-in commands, as demonstrated by the "set ship name" command. This is similar to a Cross Protocol Injection with SNMP. Cobham Sea Tel 116 contains a cross-site scripting vulnerability. Information may be obtained and altered. Cobham Sea Tel is a wireless communication terminal product from Cobham, UK. A cross-site scripting vulnerability exists in the web server in Cobham Sea Tel 116 build 222429.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201801-1373",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sea tel 116",
"scope": "eq",
"trust": 1.6,
"vendor": "cobham",
"version": "222429"
},
{
"model": "sea tel 116",
"scope": "eq",
"trust": 0.8,
"vendor": "cobham plc",
"version": "build 222429"
},
{
"model": "sea tel build",
"scope": "eq",
"trust": 0.6,
"vendor": "cobham",
"version": "116222429"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03964"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001480"
},
{
"db": "NVD",
"id": "CVE-2018-5071"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-321"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cobham:sea_tel_116_firmware:222429:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cobham:sea_tel_116:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-5071"
}
]
},
"cve": "CVE-2018-5071",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-5071",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CNVD-2018-03964",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-135102",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-5071",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-5071",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-03964",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201801-321",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-135102",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03964"
},
{
"db": "VULHUB",
"id": "VHN-135102"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001480"
},
{
"db": "NVD",
"id": "CVE-2018-5071"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-321"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Persistent XSS exists in the web server on Cobham Sea Tel 116 build 222429 satellite communication system devices: remote attackers can inject malicious JavaScript code using the device\u0027s TELNET shell built-in commands, as demonstrated by the \"set ship name\" command. This is similar to a Cross Protocol Injection with SNMP. Cobham Sea Tel 116 Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. CobhamSeaTel is a wireless communication terminal product from Cobham, UK. A cross-site scripting vulnerability exists in the web server in CobhamSeaTel116build222429",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-5071"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001480"
},
{
"db": "CNVD",
"id": "CNVD-2018-03964"
},
{
"db": "VULHUB",
"id": "VHN-135102"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-5071",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001480",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201801-321",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-03964",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-135102",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03964"
},
{
"db": "VULHUB",
"id": "VHN-135102"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001480"
},
{
"db": "NVD",
"id": "CVE-2018-5071"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-321"
}
]
},
"id": "VAR-201801-1373",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03964"
},
{
"db": "VULHUB",
"id": "VHN-135102"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03964"
}
]
},
"last_update_date": "2023-12-18T12:44:12.896000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.cobham.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001480"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-135102"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001480"
},
{
"db": "NVD",
"id": "CVE-2018-5071"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://misteralfa-hack.blogspot.cl/2018/01/seatelcobham-terminales-satelitales.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5071"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5071"
},
{
"trust": 0.8,
"url": "http://misteralfa-hack.blogspot.jp/2018/01/seatelcobham-terminales-satelitales.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03964"
},
{
"db": "VULHUB",
"id": "VHN-135102"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001480"
},
{
"db": "NVD",
"id": "CVE-2018-5071"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-321"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-03964"
},
{
"db": "VULHUB",
"id": "VHN-135102"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001480"
},
{
"db": "NVD",
"id": "CVE-2018-5071"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-321"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-03964"
},
{
"date": "2018-01-08T00:00:00",
"db": "VULHUB",
"id": "VHN-135102"
},
{
"date": "2018-02-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-001480"
},
{
"date": "2018-01-08T03:29:00.233000",
"db": "NVD",
"id": "CVE-2018-5071"
},
{
"date": "2018-01-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-321"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-03964"
},
{
"date": "2018-02-02T00:00:00",
"db": "VULHUB",
"id": "VHN-135102"
},
{
"date": "2018-02-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-001480"
},
{
"date": "2018-02-02T15:56:53.440000",
"db": "NVD",
"id": "CVE-2018-5071"
},
{
"date": "2018-01-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-321"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-321"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cobham Sea Tel Web Server Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03964"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-321"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-321"
}
],
"trust": 0.6
}
}
VAR-201801-1447
Vulnerability from variot - Updated: 2023-12-18 12:19
Cobham Sea Tel 121 build 222701 devices allow remote attackers to bypass authentication via a direct request to MenuDealerGx.html, MenuDealer.html, MenuEuNCGx.html, MenuEuNC.html, MenuSysGx.html, or MenuSys.html. Cobham Sea Tel 121 devices have vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Cobham Sea Tel is a wireless communication terminal product from Cobham, UK. A security bypass vulnerability exists in the Cobham Sea Tel 121 build 222701 release.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201801-1447",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sea tel 121",
"scope": "eq",
"trust": 1.6,
"vendor": "cobham",
"version": "222701"
},
{
"model": "sea tel 121",
"scope": "eq",
"trust": 0.8,
"vendor": "cobham plc",
"version": "build 222701"
},
{
"model": "sea tel build",
"scope": "eq",
"trust": 0.6,
"vendor": "cobham",
"version": "121222701"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03966"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001429"
},
{
"db": "NVD",
"id": "CVE-2018-5267"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-319"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cobham:sea_tel_121_firmware:222701:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cobham:sea_tel_121:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-5267"
}
]
},
"cve": "CVE-2018-5267",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-5267",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-03966",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-135298",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-5267",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-5267",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-03966",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201801-319",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-135298",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03966"
},
{
"db": "VULHUB",
"id": "VHN-135298"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001429"
},
{
"db": "NVD",
"id": "CVE-2018-5267"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-319"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cobham Sea Tel 121 build 222701 devices allow remote attackers to bypass authentication via a direct request to MenuDealerGx.html, MenuDealer.html, MenuEuNCGx.html, MenuEuNC.html, MenuSysGx.html, or MenuSys.html. Cobham Sea Tel 121 Devices have vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. CobhamSeaTel is a wireless communication terminal product from Cobham, UK. A security bypass vulnerability exists in the CobhamSeaTel121build222701 release",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-5267"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001429"
},
{
"db": "CNVD",
"id": "CNVD-2018-03966"
},
{
"db": "VULHUB",
"id": "VHN-135298"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-5267",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001429",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201801-319",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-03966",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-135298",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03966"
},
{
"db": "VULHUB",
"id": "VHN-135298"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001429"
},
{
"db": "NVD",
"id": "CVE-2018-5267"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-319"
}
]
},
"id": "VAR-201801-1447",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03966"
},
{
"db": "VULHUB",
"id": "VHN-135298"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03966"
}
]
},
"last_update_date": "2023-12-18T12:19:08.890000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.cobham.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001429"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-135298"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001429"
},
{
"db": "NVD",
"id": "CVE-2018-5267"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://misteralfa-hack.blogspot.cl/2018/01/seatelcobham-terminales-satelitales.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5267"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5267"
},
{
"trust": 0.8,
"url": "http://misteralfa-hack.blogspot.jp/2018/01/seatelcobham-terminales-satelitales.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03966"
},
{
"db": "VULHUB",
"id": "VHN-135298"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001429"
},
{
"db": "NVD",
"id": "CVE-2018-5267"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-319"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-03966"
},
{
"db": "VULHUB",
"id": "VHN-135298"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001429"
},
{
"db": "NVD",
"id": "CVE-2018-5267"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-319"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-03966"
},
{
"date": "2018-01-08T00:00:00",
"db": "VULHUB",
"id": "VHN-135298"
},
{
"date": "2018-02-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-001429"
},
{
"date": "2018-01-08T03:29:00.327000",
"db": "NVD",
"id": "CVE-2018-5267"
},
{
"date": "2018-01-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-319"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-03966"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-135298"
},
{
"date": "2018-02-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-001429"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2018-5267"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-319"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-319"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cobham Sea Tel 121 Vulnerabilities related to authorization, authority, and access control in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001429"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-319"
}
],
"trust": 0.6
}
}
VAR-201409-0449
Vulnerability from variot - Updated: 2023-12-18 11:07
Cobham Aviator 700D and 700E satellite terminals use an improper algorithm for PIN codes, which makes it easier for attackers to obtain a privileged terminal session by calculating the superuser code, and then leveraging physical access or terminal access to enter this code. Cobham Aviator 700D and 700E satellite terminals contain multiple vulnerabilities. Cobham Aviator 700D and 700E are prone to a local information-disclosure vulnerability. An attacker with local access can exploit this issue to obtain sensitive information that may lead to further attacks.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201409-0449",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "aviator 700e",
"scope": "eq",
"trust": 1.6,
"vendor": "cobham",
"version": null
},
{
"model": "aviator 700d",
"scope": "eq",
"trust": 1.6,
"vendor": "cobham",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cobham plc",
"version": null
},
{
"model": "aviator 700d",
"scope": null,
"trust": 0.8,
"vendor": "cobham plc",
"version": null
},
{
"model": "aviator 700e",
"scope": null,
"trust": 0.8,
"vendor": "cobham plc",
"version": null
},
{
"model": "aviator 700e",
"scope": null,
"trust": 0.6,
"vendor": "cobham",
"version": null
},
{
"model": "aviator 700d",
"scope": null,
"trust": 0.6,
"vendor": "cobham",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#882207"
},
{
"db": "CNVD",
"id": "CNVD-2014-06522"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004370"
},
{
"db": "NVD",
"id": "CVE-2014-2942"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-778"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cobham:aviator_700e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cobham:aviator_700d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2942"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ruben Santamarta",
"sources": [
{
"db": "BID",
"id": "69138"
}
],
"trust": 0.3
},
"cve": "CVE-2014-2942",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2014-2942",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2014-06522",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-2942",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2014-06522",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201409-778",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06522"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004370"
},
{
"db": "NVD",
"id": "CVE-2014-2942"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-778"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cobham Aviator 700D and 700E satellite terminals use an improper algorithm for PIN codes, which makes it easier for attackers to obtain a privileged terminal session by calculating the superuser code, and then leveraging physical access or terminal access to enter this code. Cobham Aviator 700D and 700E satellite terminals contain multiple vulnerabilities. Cobham Aviator 700D and 700E are prone to a local information-disclosure vulnerability. \nAn attacker with local access can exploit this issue to obtain sensitive information that may lead to further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2942"
},
{
"db": "CERT/CC",
"id": "VU#882207"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004370"
},
{
"db": "CNVD",
"id": "CNVD-2014-06522"
},
{
"db": "BID",
"id": "69138"
}
],
"trust": 3.15
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-2942",
"trust": 3.3
},
{
"db": "CERT/CC",
"id": "VU#882207",
"trust": 3.2
},
{
"db": "BID",
"id": "69138",
"trust": 0.9
},
{
"db": "JVN",
"id": "JVNVU97923152",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004370",
"trust": 0.8
},
{
"db": "OSVDB",
"id": "111898",
"trust": 0.6
},
{
"db": "CERT/CC",
"id": "VU#563225",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2014-06522",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201409-778",
"trust": 0.6
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#882207"
},
{
"db": "CNVD",
"id": "CNVD-2014-06522"
},
{
"db": "BID",
"id": "69138"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004370"
},
{
"db": "NVD",
"id": "CVE-2014-2942"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-778"
}
]
},
"id": "VAR-201409-0449",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06522"
}
],
"trust": 1.03295455
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06522"
}
]
},
"last_update_date": "2023-12-18T11:07:21.523000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Aerospace and Security, SATCOM, Aeronautical:",
"trust": 0.8,
"url": "http://www.cobham.com/about-cobham/aerospace-and-security/about-us/satcom/product-range/aeronautical.aspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004370"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004370"
},
{
"db": "NVD",
"id": "CVE-2014-2942"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.kb.cert.org/vuls/id/882207"
},
{
"trust": 0.8,
"url": "http://www.cobham.com/about-cobham/aerospace-and-security/about-us/satcom/product-range/aeronautical.aspx"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/327.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2942"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu97923152/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2942"
},
{
"trust": 0.6,
"url": "http://www.kb.cert.org/vuls/id/563225"
},
{
"trust": 0.6,
"url": "http://osvdb.com/show/osvdb/111898"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#882207"
},
{
"db": "CNVD",
"id": "CNVD-2014-06522"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004370"
},
{
"db": "NVD",
"id": "CVE-2014-2942"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-778"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#882207"
},
{
"db": "CNVD",
"id": "CNVD-2014-06522"
},
{
"db": "BID",
"id": "69138"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004370"
},
{
"db": "NVD",
"id": "CVE-2014-2942"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-778"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-08-07T00:00:00",
"db": "CERT/CC",
"id": "VU#882207"
},
{
"date": "2014-09-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-06522"
},
{
"date": "2014-08-08T00:00:00",
"db": "BID",
"id": "69138"
},
{
"date": "2014-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004370"
},
{
"date": "2014-09-22T10:55:05.803000",
"db": "NVD",
"id": "CVE-2014-2942"
},
{
"date": "2014-09-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-778"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-18T00:00:00",
"db": "CERT/CC",
"id": "VU#882207"
},
{
"date": "2014-10-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-06522"
},
{
"date": "2014-09-23T13:01:00",
"db": "BID",
"id": "69138"
},
{
"date": "2014-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004370"
},
{
"date": "2014-09-22T14:43:08.123000",
"db": "NVD",
"id": "CVE-2014-2942"
},
{
"date": "2014-09-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-778"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "69138"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-778"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cobham Aviator satellite terminals contain multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#882207"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201409-778"
}
],
"trust": 0.6
}
}
VAR-201408-0272
Vulnerability from variot - Updated: 2023-12-18 10:45
Cobham Aviator 700D and 700E satellite terminals have hardcoded passwords for the (1) debug, (2) prod, (3) do160, and (4) flrp programs, which allows physically proximate attackers to gain privileges by sending a password over a serial line. Cobham Aviator 700D and 700E satellite terminals contain multiple vulnerabilities. Supplementary information: the vulnerability type has been identified as CWE-798: Use of Hard-coded Credentials. This may aid in further attacks.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201408-0272",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "aviator 700e",
"scope": "eq",
"trust": 1.6,
"vendor": "cobham",
"version": null
},
{
"model": "aviator 700d",
"scope": "eq",
"trust": 1.6,
"vendor": "cobham",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cobham plc",
"version": null
},
{
"model": "aviator 700d",
"scope": null,
"trust": 0.8,
"vendor": "cobham plc",
"version": null
},
{
"model": "aviator 700e",
"scope": null,
"trust": 0.8,
"vendor": "cobham plc",
"version": null
},
{
"model": "aviator 700e",
"scope": null,
"trust": 0.6,
"vendor": "cobham",
"version": null
},
{
"model": "aviator 700d",
"scope": null,
"trust": 0.6,
"vendor": "cobham",
"version": null
},
{
"model": "plc aviator 700e",
"scope": null,
"trust": 0.3,
"vendor": "cobham",
"version": null
},
{
"model": "plc aviator 700d",
"scope": null,
"trust": 0.3,
"vendor": "cobham",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#882207"
},
{
"db": "CNVD",
"id": "CNVD-2014-05040"
},
{
"db": "BID",
"id": "69140"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003824"
},
{
"db": "NVD",
"id": "CVE-2014-2964"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-148"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cobham:aviator_700d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cobham:aviator_700e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2964"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ruben Santamarta",
"sources": [
{
"db": "BID",
"id": "69140"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-148"
}
],
"trust": 0.9
},
"cve": "CVE-2014-2964",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 6.9,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2014-2964",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2014-05040",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-2964",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-05040",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201408-148",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2014-2964",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05040"
},
{
"db": "VULMON",
"id": "CVE-2014-2964"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003824"
},
{
"db": "NVD",
"id": "CVE-2014-2964"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-148"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cobham Aviator 700D and 700E satellite terminals have hardcoded passwords for the (1) debug, (2) prod, (3) do160, and (4) flrp programs, which allows physically proximate attackers to gain privileges by sending a password over a serial line. Cobham Aviator 700D and 700E satellite terminals contain multiple vulnerabilities. Supplementary information: the vulnerability type has been identified as CWE-798: Use of Hard-coded Credentials. This may aid in further attacks.",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2964"
},
{
"db": "CERT/CC",
"id": "VU#882207"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003824"
},
{
"db": "CNVD",
"id": "CNVD-2014-05040"
},
{
"db": "BID",
"id": "69140"
},
{
"db": "VULMON",
"id": "CVE-2014-2964"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#882207",
"trust": 4.2
},
{
"db": "NVD",
"id": "CVE-2014-2964",
"trust": 3.4
},
{
"db": "BID",
"id": "69140",
"trust": 1.5
},
{
"db": "JVN",
"id": "JVNVU97923152",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003824",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2014-05040",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201408-148",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2014-2964",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#882207"
},
{
"db": "CNVD",
"id": "CNVD-2014-05040"
},
{
"db": "VULMON",
"id": "CVE-2014-2964"
},
{
"db": "BID",
"id": "69140"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003824"
},
{
"db": "NVD",
"id": "CVE-2014-2964"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-148"
}
]
},
"id": "VAR-201408-0272",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05040"
}
],
"trust": 1.03295455
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05040"
}
]
},
"last_update_date": "2023-12-18T10:45:51.968000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Aerospace and Security, SATCOM, Aeronautical: ",
"trust": 0.8,
"url": "http://www.cobham.com/about-cobham/aerospace-and-security/about-us/satcom/product-range/aeronautical.aspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003824"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003824"
},
{
"db": "NVD",
"id": "CVE-2014-2964"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.5,
"url": "http://www.kb.cert.org/vuls/id/882207"
},
{
"trust": 1.1,
"url": "http://www.cobham.com/about-cobham/aerospace-and-security/about-us/satcom/product-range/aeronautical.aspx"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/327.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2964"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97923152/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2964"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/69140"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#882207"
},
{
"db": "CNVD",
"id": "CNVD-2014-05040"
},
{
"db": "VULMON",
"id": "CVE-2014-2964"
},
{
"db": "BID",
"id": "69140"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003824"
},
{
"db": "NVD",
"id": "CVE-2014-2964"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-148"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#882207"
},
{
"db": "CNVD",
"id": "CNVD-2014-05040"
},
{
"db": "VULMON",
"id": "CVE-2014-2964"
},
{
"db": "BID",
"id": "69140"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003824"
},
{
"db": "NVD",
"id": "CVE-2014-2964"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-148"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-08-07T00:00:00",
"db": "CERT/CC",
"id": "VU#882207"
},
{
"date": "2014-08-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-05040"
},
{
"date": "2014-08-15T00:00:00",
"db": "VULMON",
"id": "CVE-2014-2964"
},
{
"date": "2014-08-07T00:00:00",
"db": "BID",
"id": "69140"
},
{
"date": "2014-08-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003824"
},
{
"date": "2014-08-15T11:15:43.090000",
"db": "NVD",
"id": "CVE-2014-2964"
},
{
"date": "2014-08-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201408-148"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-18T00:00:00",
"db": "CERT/CC",
"id": "VU#882207"
},
{
"date": "2014-08-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-05040"
},
{
"date": "2014-08-15T00:00:00",
"db": "VULMON",
"id": "CVE-2014-2964"
},
{
"date": "2014-08-07T00:00:00",
"db": "BID",
"id": "69140"
},
{
"date": "2014-08-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003824"
},
{
"date": "2014-08-15T17:38:54.657000",
"db": "NVD",
"id": "CVE-2014-2964"
},
{
"date": "2014-08-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201408-148"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "69140"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-148"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cobham Aviator satellite terminals contain multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#882207"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201408-148"
}
],
"trust": 0.6
}
}
CVE-2019-9534 (GCVE-0-2019-9534)
Vulnerability from cvelistv5 – Published: 2019-10-10 20:09 – Updated: 2024-09-17 00:15
- CWE-494 - Download of Code Without Integrity Check
| URL | Tags |
|---|---|
| https://kb.cert.org/vuls/id/719689/ | third-party-advisory, x_refsource_CERT-VN |

| Vendor | Product | Version |
|---|---|---|
| Cobham plc | Explorer 710 | Affected: 1.07 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:44.413Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#719689",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/719689/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Explorer 710",
"vendor": "Cobham plc",
"versions": [
{
"status": "affected",
"version": "1.07"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was found by Kyle O\u0027Meara and David Belasco."
}
],
"datePublic": "2019-10-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image. Development scripts left in the firmware can be used to upload a custom firmware image that the device runs. This could allow an unauthenticated, local attacker to upload their own firmware that could be used to intercept or modify traffic, spoof or intercept GPS traffic, exfiltrate private data, hide a backdoor, or cause a denial-of-service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-494",
"description": "CWE-494 Download of Code Without Integrity Check",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-10T20:09:47.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#719689",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://kb.cert.org/vuls/id/719689/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image",
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2019-10-09T04:00:00.000Z",
"ID": "CVE-2019-9534",
"STATE": "PUBLIC",
"TITLE": "The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Explorer 710",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "1.07",
"version_value": "1.07"
}
]
}
}
]
},
"vendor_name": "Cobham plc"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was found by Kyle O\u0027Meara and David Belasco."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image. Development scripts left in the firmware can be used to upload a custom firmware image that the device runs. This could allow an unauthenticated, local attacker to upload their own firmware that could be used to intercept or modify traffic, spoof or intercept GPS traffic, exfiltrate private data, hide a backdoor, or cause a denial-of-service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-494 Download of Code Without Integrity Check"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#719689",
"refsource": "CERT-VN",
"url": "https://kb.cert.org/vuls/id/719689/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2019-9534",
"datePublished": "2019-10-10T20:09:47.814Z",
"dateReserved": "2019-03-01T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:15:54.409Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9533 (GCVE-0-2019-9533)
Vulnerability from cvelistv5 – Published: 2019-10-10 20:09 – Updated: 2024-09-16 16:28

CWE-522 - Insufficiently Protected Credentials

| URL | Tags |
|---|---|
| https://kb.cert.org/vuls/id/719689/ | third-party-advisory, x_refsource_CERT-VN |

| Vendor | Product | Version | |
|---|---|---|---|
| Cobham plc | Explorer 710 | Affected: 1.08, ≤ 1.08 (custom) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:44.145Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#719689",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/719689/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Explorer 710",
"vendor": "Cobham plc",
"versions": [
{
"lessThanOrEqual": "1.08",
"status": "affected",
"version": "1.08",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was found by Kyle O\u0027Meara and David Belasco."
}
],
"datePublic": "2019-10-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08. This could allow an attacker to reverse-engineer the password from available versions to gain authenticated access to the device."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522: Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-10T20:09:47.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#719689",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://kb.cert.org/vuls/id/719689/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08",
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2019-10-09T04:00:00.000Z",
"ID": "CVE-2019-9533",
"STATE": "PUBLIC",
"TITLE": "The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Explorer 710",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1.08",
"version_value": "1.08"
}
]
}
}
]
},
"vendor_name": "Cobham plc"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was found by Kyle O\u0027Meara and David Belasco."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08. This could allow an attacker to reverse-engineer the password from available versions to gain authenticated access to the device."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522: Insufficiently Protected Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#719689",
"refsource": "CERT-VN",
"url": "https://kb.cert.org/vuls/id/719689/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2019-9533",
"datePublished": "2019-10-10T20:09:47.781Z",
"dateReserved": "2019-03-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:28:25.213Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9532 (GCVE-0-2019-9532)
Vulnerability from cvelistv5 – Published: 2019-10-10 20:09 – Updated: 2024-09-16 19:30

CWE-319 - Cleartext Transmission of Sensitive Information

| URL | Tags |
|---|---|
| https://kb.cert.org/vuls/id/719689/ | third-party-advisory, x_refsource_CERT-VN |

| Vendor | Product | Version | |
|---|---|---|---|
| Cobham plc | Explorer 710 | Affected: 1.07 | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:44.525Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#719689",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/719689/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Explorer 710",
"vendor": "Cobham plc",
"versions": [
{
"status": "affected",
"version": "1.07"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was found by Kyle O\u0027Meara and David Belasco."
}
],
"datePublic": "2019-10-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The web application portal of the Cobham EXPLORER 710, firmware version 1.07, sends the login password in cleartext. This could allow an unauthenticated, local attacker to intercept the password and gain access to the portal."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319: Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-10T20:09:47.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#719689",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://kb.cert.org/vuls/id/719689/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "The web application portal of the Cobham EXPLORER 710, firmware version 1.07, sends the login password in cleartext",
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2019-10-09T04:00:00.000Z",
"ID": "CVE-2019-9532",
"STATE": "PUBLIC",
"TITLE": "The web application portal of the Cobham EXPLORER 710, firmware version 1.07, sends the login password in cleartext"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Explorer 710",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "1.07",
"version_value": "1.07"
}
]
}
}
]
},
"vendor_name": "Cobham plc"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was found by Kyle O\u0027Meara and David Belasco."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web application portal of the Cobham EXPLORER 710, firmware version 1.07, sends the login password in cleartext. This could allow an unauthenticated, local attacker to intercept the password and gain access to the portal."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319: Cleartext Transmission of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#719689",
"refsource": "CERT-VN",
"url": "https://kb.cert.org/vuls/id/719689/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2019-9532",
"datePublished": "2019-10-10T20:09:47.739Z",
"dateReserved": "2019-03-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:30:16.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9531 (GCVE-0-2019-9531)
Vulnerability from cvelistv5 – Published: 2019-10-10 20:09 – Updated: 2024-09-16 20:02

CWE-284 - Improper Access Control

| URL | Tags |
|---|---|
| https://kb.cert.org/vuls/id/719689/ | third-party-advisory, x_refsource_CERT-VN |

| Vendor | Product | Version | |
|---|---|---|---|
| Cobham plc | Explorer 710 | Affected: 1.07 | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:44.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#719689",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/719689/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Explorer 710",
"vendor": "Cobham plc",
"versions": [
{
"status": "affected",
"version": "1.07"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was found by Kyle O\u0027Meara and David Belasco."
}
],
"datePublic": "2019-10-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The web application portal of the Cobham EXPLORER 710, firmware version 1.07, allows unauthenticated access to port 5454. This could allow an unauthenticated, remote attacker to connect to this port via Telnet and execute 86 Attention (AT) commands, including some that provide unauthenticated, shell-like access to the device."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-10T20:09:47.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#719689",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://kb.cert.org/vuls/id/719689/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "The web application portal of the Cobham EXPLORER 710, firmware version 1.07, allows unauthenticated access to a port that can run AT commands",
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2019-10-09T04:00:00.000Z",
"ID": "CVE-2019-9531",
"STATE": "PUBLIC",
"TITLE": "The web application portal of the Cobham EXPLORER 710, firmware version 1.07, allows unauthenticated access to a port that can run AT commands"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Explorer 710",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "1.07",
"version_value": "1.07"
}
]
}
}
]
},
"vendor_name": "Cobham plc"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was found by Kyle O\u0027Meara and David Belasco."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web application portal of the Cobham EXPLORER 710, firmware version 1.07, allows unauthenticated access to port 5454. This could allow an unauthenticated, remote attacker to connect to this port via Telnet and execute 86 Attention (AT) commands, including some that provide unauthenticated, shell-like access to the device."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#719689",
"refsource": "CERT-VN",
"url": "https://kb.cert.org/vuls/id/719689/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2019-9531",
"datePublished": "2019-10-10T20:09:47.705Z",
"dateReserved": "2019-03-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:02:16.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9530 (GCVE-0-2019-9530)
Vulnerability from cvelistv5 – Published: 2019-10-10 20:09 – Updated: 2024-09-16 17:14

CWE-284 - Improper Access Control

| URL | Tags |
|---|---|
| https://kb.cert.org/vuls/id/719689/ | third-party-advisory, x_refsource_CERT-VN |

| Vendor | Product | Version | |
|---|---|---|---|
| Cobham plc | Explorer 710 | Affected: 1.07 | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:44.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#719689",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/719689/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Explorer 710",
"vendor": "Cobham plc",
"versions": [
{
"status": "affected",
"version": "1.07"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was found by Kyle O\u0027Meara and David Belasco."
}
],
"datePublic": "2019-10-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The web root directory of the Cobham EXPLORER 710, firmware version 1.07, has no access restrictions on downloading and reading all files. This could allow an unauthenticated, local attacker connected to the device to access and download any file found in the web root directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-10T20:09:47.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#719689",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://kb.cert.org/vuls/id/719689/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "The web root directory of the Cobham EXPLORER 710, firmware version 1.07, has no access restrictions on downloading and reading all files",
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2019-10-09T04:00:00.000Z",
"ID": "CVE-2019-9530",
"STATE": "PUBLIC",
"TITLE": "The web root directory of the Cobham EXPLORER 710, firmware version 1.07, has no access restrictions on downloading and reading all files"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Explorer 710",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "1.07",
"version_value": "1.07"
}
]
}
}
]
},
"vendor_name": "Cobham plc"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was found by Kyle O\u0027Meara and David Belasco."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web root directory of the Cobham EXPLORER 710, firmware version 1.07, has no access restrictions on downloading and reading all files. This could allow an unauthenticated, local attacker connected to the device to access and download any file found in the web root directory."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#719689",
"refsource": "CERT-VN",
"url": "https://kb.cert.org/vuls/id/719689/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2019-9530",
"datePublished": "2019-10-10T20:09:47.669Z",
"dateReserved": "2019-03-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:14:11.909Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9529 (GCVE-0-2019-9529)
Vulnerability from cvelistv5 – Published: 2019-10-10 20:09 – Updated: 2024-09-16 20:07

CWE-284 - Improper Access Control

| URL | Tags |
|---|---|
| https://kb.cert.org/vuls/id/719689/ | third-party-advisory, x_refsource_CERT-VN |

| Vendor | Product | Version | |
|---|---|---|---|
| Cobham plc | Explorer 710 | Affected: 1.07 | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:44.511Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#719689",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/719689/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Explorer 710",
"vendor": "Cobham plc",
"versions": [
{
"status": "affected",
"version": "1.07"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was found by Kyle O\u0027Meara and David Belasco."
}
],
"datePublic": "2019-10-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default. This could allow an unauthenticated, local attacker connected to the device to access the portal and to make any change to the device."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-10T20:09:47.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#719689",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://kb.cert.org/vuls/id/719689/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default",
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2019-10-09T04:00:00.000Z",
"ID": "CVE-2019-9529",
"STATE": "PUBLIC",
"TITLE": "The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Explorer 710",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "1.07",
"version_value": "1.07"
}
]
}
}
]
},
"vendor_name": "Cobham plc"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was found by Kyle O\u0027Meara and David Belasco."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default. This could allow an unauthenticated, local attacker connected to the device to access the portal and to make any change to the device."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#719689",
"refsource": "CERT-VN",
"url": "https://kb.cert.org/vuls/id/719689/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2019-9529",
"datePublished": "2019-10-10T20:09:47.632Z",
"dateReserved": "2019-03-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:07:10.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9533 (GCVE-0-2019-9533)
Vulnerability from nvd – Published: 2019-10-10 20:09 – Updated: 2024-09-16 16:28

CWE-522 - Insufficiently Protected Credentials

| URL | Tags |
|---|---|
| https://kb.cert.org/vuls/id/719689/ | third-party-advisory, x_refsource_CERT-VN |

| Vendor | Product | Version | |
|---|---|---|---|
| Cobham plc | Explorer 710 | Affected: 1.08, ≤ 1.08 (custom) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:44.145Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#719689",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/719689/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Explorer 710",
"vendor": "Cobham plc",
"versions": [
{
"lessThanOrEqual": "1.08",
"status": "affected",
"version": "1.08",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was found by Kyle O\u0027Meara and David Belasco."
}
],
"datePublic": "2019-10-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08. This could allow an attacker to reverse-engineer the password from available versions to gain authenticated access to the device."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522: Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-10T20:09:47.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#719689",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://kb.cert.org/vuls/id/719689/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08",
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2019-10-09T04:00:00.000Z",
"ID": "CVE-2019-9533",
"STATE": "PUBLIC",
"TITLE": "The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Explorer 710",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1.08",
"version_value": "1.08"
}
]
}
}
]
},
"vendor_name": "Cobham plc"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was found by Kyle O\u0027Meara and David Belasco."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The root password of the Cobham EXPLORER 710 is the same for all versions of firmware up to and including v1.08. This could allow an attacker to reverse-engineer the password from available versions to gain authenticated access to the device."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522: Insufficiently Protected Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#719689",
"refsource": "CERT-VN",
"url": "https://kb.cert.org/vuls/id/719689/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2019-9533",
"datePublished": "2019-10-10T20:09:47.781Z",
"dateReserved": "2019-03-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:28:25.213Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9534 (GCVE-0-2019-9534)
Vulnerability from nvd – Published: 2019-10-10 20:09 – Updated: 2024-09-17 00:15

CWE-494 - Download of Code Without Integrity Check

| URL | Tags |
|---|---|
| https://kb.cert.org/vuls/id/719689/ | third-party-advisory, x_refsource_CERT-VN |

| Vendor | Product | Version | |
|---|---|---|---|
| Cobham plc | Explorer 710 | Affected: 1.07 | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:44.413Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#719689",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/719689/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Explorer 710",
"vendor": "Cobham plc",
"versions": [
{
"status": "affected",
"version": "1.07"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was found by Kyle O\u0027Meara and David Belasco."
}
],
"datePublic": "2019-10-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image. Development scripts left in the firmware can be used to upload a custom firmware image that the device runs. This could allow an unauthenticated, local attacker to upload their own firmware that could be used to intercept or modify traffic, spoof or intercept GPS traffic, exfiltrate private data, hide a backdoor, or cause a denial-of-service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-494",
"description": "CWE-494 Download of Code Without Integrity Check",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-10T20:09:47.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#719689",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://kb.cert.org/vuls/id/719689/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image",
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2019-10-09T04:00:00.000Z",
"ID": "CVE-2019-9534",
"STATE": "PUBLIC",
"TITLE": "The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Explorer 710",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "1.07",
"version_value": "1.07"
}
]
}
}
]
},
"vendor_name": "Cobham plc"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was found by Kyle O\u0027Meara and David Belasco."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image. Development scripts left in the firmware can be used to upload a custom firmware image that the device runs. This could allow an unauthenticated, local attacker to upload their own firmware that could be used to intercept or modify traffic, spoof or intercept GPS traffic, exfiltrate private data, hide a backdoor, or cause a denial-of-service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-494 Download of Code Without Integrity Check"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#719689",
"refsource": "CERT-VN",
"url": "https://kb.cert.org/vuls/id/719689/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2019-9534",
"datePublished": "2019-10-10T20:09:47.814Z",
"dateReserved": "2019-03-01T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:15:54.409Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9530 (GCVE-0-2019-9530)
Vulnerability from nvd – Published: 2019-10-10 20:09 – Updated: 2024-09-16 17:14

CWE-284 - Improper Access Control

| URL | Tags |
|---|---|
| https://kb.cert.org/vuls/id/719689/ | third-party-advisory, x_refsource_CERT-VN |

| Vendor | Product | Version | |
|---|---|---|---|
| Cobham plc | Explorer 710 | Affected: 1.07 | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:44.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#719689",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/719689/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Explorer 710",
"vendor": "Cobham plc",
"versions": [
{
"status": "affected",
"version": "1.07"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was found by Kyle O\u0027Meara and David Belasco."
}
],
"datePublic": "2019-10-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The web root directory of the Cobham EXPLORER 710, firmware version 1.07, has no access restrictions on downloading and reading all files. This could allow an unauthenticated, local attacker connected to the device to access and download any file found in the web root directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-10T20:09:47.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#719689",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://kb.cert.org/vuls/id/719689/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "The web root directory of the Cobham EXPLORER 710, firmware version 1.07, has no access restrictions on downloading and reading all files",
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2019-10-09T04:00:00.000Z",
"ID": "CVE-2019-9530",
"STATE": "PUBLIC",
"TITLE": "The web root directory of the Cobham EXPLORER 710, firmware version 1.07, has no access restrictions on downloading and reading all files"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Explorer 710",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "1.07",
"version_value": "1.07"
}
]
}
}
]
},
"vendor_name": "Cobham plc"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was found by Kyle O\u0027Meara and David Belasco."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web root directory of the Cobham EXPLORER 710, firmware version 1.07, has no access restrictions on downloading and reading all files. This could allow an unauthenticated, local attacker connected to the device to access and download any file found in the web root directory."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#719689",
"refsource": "CERT-VN",
"url": "https://kb.cert.org/vuls/id/719689/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2019-9530",
"datePublished": "2019-10-10T20:09:47.669Z",
"dateReserved": "2019-03-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:14:11.909Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}