CVE-2013-7180 - OpenCVE

Cobham SAILOR 900 VSAT; SAILOR FleetBroadBand 150, 250, and 500; EXPLORER BGAN; and AVIATOR 200, 300, 350, and 700D devices do not properly restrict password recovery, which allows attackers to obtain administrative privileges by leveraging physical access or terminal access to spoof a reset code.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:C/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cobham	Aviator 200 Aviator 300 Aviator 350 Aviator 700d Explorer Bgan Sailor 900 Vsat Sailor Fleetbroadband 150 Sailor Fleetbroadband 250 Sailor Fleetbroadband 500

Configuration 1 [-]

OR	cpe:2.3:h:cobham:aviator_200:-:::::::*
	cpe:2.3:h:cobham:aviator_300:-:::::::*
	cpe:2.3:h:cobham:aviator_350:-:::::::*
	cpe:2.3:h:cobham:aviator_700d:-:::::::*
	cpe:2.3:h:cobham:explorer_bgan:-:::::::*
	cpe:2.3:h:cobham:sailor_900_vsat:-:::::::*
	cpe:2.3:h:cobham:sailor_fleetbroadband_150:-:::::::*
	cpe:2.3:h:cobham:sailor_fleetbroadband_250:-:::::::*
	cpe:2.3:h:cobham:sailor_fleetbroadband_500:-:::::::*

No data.

References

Link	Providers
http://www.kb.cert.org/vuls/id/602006

History

No history.

MITRE

Status: PUBLISHED

Assigner: certcc

Published: 2014-08-15T10:00:00

Updated: 2024-08-06T18:01:20.094Z

Reserved: 2013-12-19T00:00:00

Link: CVE-2013-7180

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2014-08-15T11:15:42.827

Modified: 2014-08-15T17:02:35.697

Link: CVE-2013-7180

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-08-07T00:00:00", "descriptions": [{"lang": "en", "value": "Cobham SAILOR 900 VSAT; SAILOR FleetBroadBand 150, 250, and 500; EXPLORER BGAN; and AVIATOR 200, 300, 350, and 700D devices do not properly restrict password recovery, which allows attackers to obtain administrative privileges by leveraging physical access or terminal access to spoof a reset code."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-08-15T01:57:00", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "VU#602006", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/602006"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2013-7180", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cobham SAILOR 900 VSAT; SAILOR FleetBroadBand 150, 250, and 500; EXPLORER BGAN; and AVIATOR 200, 300, 350, and 700D devices do not properly restrict password recovery, which allows attackers to obtain administrative privileges by leveraging physical access or terminal access to spoof a reset code."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "VU#602006", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/602006"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T18:01:20.094Z"}, "title": "CVE Program Container", "references": [{"name": "VU#602006", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/602006"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2013-7180", "datePublished": "2014-08-15T10:00:00", "dateReserved": "2013-12-19T00:00:00", "dateUpdated": "2024-08-06T18:01:20.094Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:cobham:aviator_200:-:*:*:*:*:*:*:*", "matchCriteriaId": "CA64EF41-6BDC-443A-897F-F172C3395A94", "vulnerable": true}, {"criteria": "cpe:2.3:h:cobham:aviator_300:-:*:*:*:*:*:*:*", "matchCriteriaId": "9EA1304E-3FB6-45CE-8C6D-1CBD5FB74893", "vulnerable": true}, {"criteria": "cpe:2.3:h:cobham:aviator_350:-:*:*:*:*:*:*:*", "matchCriteriaId": "9798369A-9E46-4408-BB02-9C722E166299", "vulnerable": true}, {"criteria": "cpe:2.3:h:cobham:aviator_700d:-:*:*:*:*:*:*:*", "matchCriteriaId": "BD3FE641-E175-4CC4-90BF-955B1C0217F3", "vulnerable": true}, {"criteria": "cpe:2.3:h:cobham:explorer_bgan:-:*:*:*:*:*:*:*", "matchCriteriaId": "555E0CCB-642E-441E-A403-93DD00A5C745", "vulnerable": true}, {"criteria": "cpe:2.3:h:cobham:sailor_900_vsat:-:*:*:*:*:*:*:*", "matchCriteriaId": "7704EFE7-FCF8-4109-AE65-B162604E0025", "vulnerable": true}, {"criteria": "cpe:2.3:h:cobham:sailor_fleetbroadband_150:-:*:*:*:*:*:*:*", "matchCriteriaId": "12AF4243-F56F-4FEC-82EF-0A02C0AB54CA", "vulnerable": true}, {"criteria": "cpe:2.3:h:cobham:sailor_fleetbroadband_250:-:*:*:*:*:*:*:*", "matchCriteriaId": "49E0EA46-3D1B-40A7-8CB1-9EFA53954600", "vulnerable": true}, {"criteria": "cpe:2.3:h:cobham:sailor_fleetbroadband_500:-:*:*:*:*:*:*:*", "matchCriteriaId": "FEBC3788-5053-46B4-A197-55102D2FB004", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cobham SAILOR 900 VSAT; SAILOR FleetBroadBand 150, 250, and 500; EXPLORER BGAN; and AVIATOR 200, 300, 350, and 700D devices do not properly restrict password recovery, which allows attackers to obtain administrative privileges by leveraging physical access or terminal access to spoof a reset code."}, {"lang": "es", "value": "Los dispositivos Cobham SAILOR 900 VSAT; SAILOR FleetBroadBand 150, 250, y 500; EXPLORER BGAN; y AVIATOR 200, 300, 350, y 700D no restringen debidamente la recuperaci\u00f3n de contrase\u00f1as, lo que permite a atacantes obtener privilegios de administraci\u00f3n mediante el aprovechamiento del acceso f\u00edsico o acceso al terminal para falsificar un c\u00f3digo de restablecimiento."}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/640.html\">CWE-640: Weak Password Recovery Mechanism for Forgotten Password</a>", "id": "CVE-2013-7180", "lastModified": "2014-08-15T17:02:35.697", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 7.8, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-08-15T11:15:42.827", "references": [{"source": "cret@cert.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/602006"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}