Cobham Sailor 6000 series satellite terminals contain hardcoded credentials for communicating via the Tbus 2 protocol.
Description
Note: this is a different vulnerability from VU#460687.
CWE-798: Use of Hard-coded Credentials
Impact
An unauthenticated attacker may be able to send arbitrary Tbus 2 commands to the terminal, affecting the operation of the system.
Solution
The CERT/CC is currently unaware of a practical solution to this problem.
Vendor Information
Vendor | Status | Date Notified | Date Updated |
---|---|---|---|
Cobham plc | Affected | 14 Jan 2014 | 28 Jul 2014 |
CVSS Metrics
Group | Score | Vector |
---|---|---|
Base | 7.1 | AV:N/AC:M/Au:N/C:N/I:C/A:N |
Temporal | 5.8 | E:POC/RL:U/RC:UC |
Environmental | 1.4 | CDP:N/TD:L/CR:ND/IR:ND/AR:ND |
References
- http://www.cobham.com/about-cobham/aerospace-and-security/about-us/satcom/satellite-communication-at-sea/products-and-services/inmarsat-fleetbroadband.aspx
- http://cwe.mitre.org/data/definitions/798.html
Credit
Thanks to Ruben Santamarta for reporting this vulnerability.
This document was written by Chris King.
Other Information
- CVE IDs: CVE-2014-2941
- Date Public: 07 Aug 2014
- Date First Published: 07 Aug 2014
- Date Last Updated: 07 Aug 2014
- Document Revision: 7