CVSS2: AV:N/AC:L/Au:N/C:C/I:C/A:C

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |

EPSS Percentile: 75.8%
Datum Systems PSM-4500 and PSM-500 series satellite modem devices contain multiple vulnerabilities
CWE-220: Sensitive Data Under FTP Root - CVE-2014-2950
The Datum Systems SnIP operating system on PSM-4500 and PSM-500 satellite modem devices has FTP enabled by default with no credentials required, which allows open access to sensitive areas of the file system.
CWE-798: Use of Hard-coded Credentials - CVE-2014-2951
The Datum Systems SnIP operating system on PSM-4500 and PSM-500 satellite modem devices has an undocumented admin user account with the password of admin.
A remote unauthenticated attacker may be able to gain full control of the device.
The CERT/CC is currently unaware of a practical solution to this problem.
917348
Notified: May 16, 2014 Updated: July 09, 2014
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Group | Score | Vector |
---|---|---|
Base | 10 | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Temporal | 8.1 | E:POC/RL:U/RC:UC |
Environmental | 2.0 | CDP:N/TD:L/CR:ND/IR:ND/AR:ND |
Thanks to Narendra Shinde and Ashish Kamble from Qualys Inc. for reporting this vulnerability.
This document was written by Chris King.
CVE IDs: | CVE-2014-2950, CVE-2014-2951 |
---|---|
Date Public: | 2014-07-11 Date First Published: |