Lucene search

[email protected]CVE-2014-2940

HistoryAug 15, 2014 - 11:15 a.m.

CVE-2014-2940

2014-08-1511:15:42

[email protected]

web.nvd.nist.gov

cobham

sailor 900

sailor 6000

satellite terminals

firmware

hardcoded credentials

admin access

vulnerability

nvd

cve-2014-2940

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.6 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

60.5%

JSON

Cobham Sailor 900 and 6000 satellite terminals with firmware 1.08 MFHF and 2.11 VHF have hardcoded credentials for the administrator account, which allows attackers to obtain administrative control by leveraging physical access or terminal access.

Affected configurations

NVD

Node

cobhamsailor_900_firmwareMatch1.08_mfhf

cobhamsailor_900_firmwareMatch2.11_vhf

AND

cobhamsailor_900_vsatMatch-

Node

cobhamsailor_6000_series_firmwareMatch1.08_mfhf

cobhamsailor_6000_series_firmwareMatch2.11_vhf

AND

cobhamailor_6110_mini-c_gmdssMatch-

cobhamsailor_6006_message_terminalMatch-

cobhamsailor_6222_vhfMatch-

cobhamsailor_6300_mf_\/_hfMatch-

CPENameOperatorVersion
cobham:sailor_900_firmwarecobham sailor 900 firmwareeq1.08_mfhf
cobham:sailor_900_firmwarecobham sailor 900 firmwareeq2.11_vhf

CPE	Name	Operator	Version
cobham:sailor_900_firmware	cobham sailor 900 firmware	eq	1.08_mfhf
cobham:sailor_900_firmware	cobham sailor 900 firmware	eq	2.11_vhf

References

www.kb.cert.org/vuls/id/460687

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.6 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

60.5%

JSON

Related for CVE-2014-2940

prion1 cert1 nvd1 cvelist1