CVE-2014-0328

2014-08-1511:15:42

[email protected]

web.nvd.nist.gov

cve-2014-0328

cobham devices

thranelink protocol

firmware signatures

remote code execution

snmp

tftp

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.0%

JSON

The thraneLINK protocol implementation on Cobham devices does not verify firmware signatures, which allows attackers to execute arbitrary code by leveraging physical access or terminal access to send an SNMP request and a TFTP response.

Affected configurations

NVD

Node

cobhamailor_6110_mini-c_gmdssMatch-

cobhamsailor_6006_message_terminalMatch-

cobhamsailor_6222_vhfMatch-

cobhamsailor_6300_mf_\/_hfMatch-

CPENameOperatorVersion
cobham:ailor_6110_mini-c_gmdsscobham ailor 6110 mini-c gmdsseq-
cobham:sailor_6006_message_terminalcobham sailor 6006 message terminaleq-
cobham:sailor_6222_vhfcobham sailor 6222 vhfeq-
cobham:sailor_6300_mf_\/_hfcobham sailor 6300 mf / hfeq-

CPE	Name	Operator	Version
cobham:ailor_6110_mini-c_gmdss	cobham ailor 6110 mini-c gmdss	eq	-
cobham:sailor_6006_message_terminal	cobham sailor 6006 message terminal	eq	-
cobham:sailor_6222_vhf	cobham sailor 6222 vhf	eq	-
cobham:sailor_6300_mf_\/_hf	cobham sailor 6300 mf / hf	eq	-