CERT VU:882207
History: Aug 07, 2014 - 12:00 a.m.

Cobham Aviator satellite terminals contain multiple vulnerabilities

2014-08-07 00:00:00
www.kb.cert.org

CVSS2: 7.2 High
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.003 Low
Percentile: 65.9%

Overview

Cobham Aviator 700D and 700E satellite terminals contain multiple vulnerabilities.

Description

Cobham Aviator 700D and 700E satellite communication terminals contain the following vulnerabilities:

**CWE-327: Use of a Broken or Risky Cryptographic Algorithm** - CVE-2014-2942 (Please note that the CVE for this vulnerability has been changed from CVE-2014-2943 to CVE-2014-2942 due to a duplicate CVE identifier.)
IOActive reports that Cobham satellite terminals use a risky algorithm to generate a PIN code for accessing the terminal. The algorithm is reversible and allows a local attacker to generate a superuser PIN code.

**CWE-798: Use of Hard-coded Credentials** - CVE-2014-2964
IOActive reports that certain privileged commands in the satellite terminals require a password to execute. The commands debug, prod, do160, and flrp have hardcoded passwords. A local attacker may be able to gain unauthorized privileges using these commands.

The vendor Cobham has provided the following statement:
_Cobham SATCOM has found that potential exploitation of the vulnerabilities presented requires either physical access to the equipment or connectivity to the maintenance part of the network, which also requires a physical presence at the terminal. Specifically, in the aeronautical world, there are very strict requirements for equipment installation and physical access to the equipment is restricted to authorized personnel._

_The described hardcoded credentials are only accessible via the maintenance port connector on the front-plate and will require direct access to the equipment via a serial port. The SDU is installed in the avionics bay of the aircraft, and is not accessible for unauthorized personnel._

Cobham SATCOM will continue to evaluate any potential vulnerabilities with its equipment and implement increased security measures if required.


Impact

A local unauthenticated attacker may be able to gain full control of the satellite terminal.


Solution

The CERT/CC is currently unaware of a practical solution to this problem.


Vendor Information

Cobham plc Affected

Notified: January 14, 2014 Updated: July 28, 2014

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CVSS Metrics

| Group | Score | Vector |
|---|---|---|
| Base | 6.9 | AV:L/AC:M/Au:N/C:C/I:C/A:C |
| Temporal | 6.2 | E:POC/RL:U/RC:C |
| Environmental | 2.0 | CDP:H/TD:L/CR:ND/IR:ND/AR:ND |

Acknowledgements

Thanks to Ruben Santamarta for reporting this vulnerability.

This document was written by Chris King.

Other Information

CVE IDs: CVE-2014-2942, CVE-2014-2964
Date Public: 2014-08-07 Date First Published:
