CVE-2014-0328 - OpenCVE

The thraneLINK protocol implementation on Cobham devices does not verify firmware signatures, which allows attackers to execute arbitrary code by leveraging physical access or terminal access to send an SNMP request and a TFTP response.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cobham	Ailor 6110 Mini-c Gmdss Sailor 6006 Message Terminal Sailor 6222 Vhf Sailor 6300 Mf \/ Hf

Configuration 1 [-]

OR	cpe:2.3:h:cobham:ailor_6110_mini-c_gmdss:-:::::::*
	cpe:2.3:h:cobham:sailor_6006_message_terminal:-:::::::*
	cpe:2.3:h:cobham:sailor_6222_vhf:-:::::::*
	cpe:2.3:h:cobham:sailor_6300_mf_\/_hf:-:::::::*

No data.

References

Link	Providers
http://www.kb.cert.org/vuls/id/179732

History

No history.

MITRE

Status: PUBLISHED

Assigner: certcc

Published: 2014-08-15T10:00:00

Updated: 2024-08-06T09:13:10.160Z

Reserved: 2013-12-05T00:00:00

Link: CVE-2014-0328

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2014-08-15T11:15:42.903

Modified: 2014-08-15T16:58:29.930

Link: CVE-2014-0328

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-08-07T00:00:00", "descriptions": [{"lang": "en", "value": "The thraneLINK protocol implementation on Cobham devices does not verify firmware signatures, which allows attackers to execute arbitrary code by leveraging physical access or terminal access to send an SNMP request and a TFTP response."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-08-15T01:57:00", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "VU#179732", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/179732"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2014-0328", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The thraneLINK protocol implementation on Cobham devices does not verify firmware signatures, which allows attackers to execute arbitrary code by leveraging physical access or terminal access to send an SNMP request and a TFTP response."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "VU#179732", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/179732"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T09:13:10.160Z"}, "title": "CVE Program Container", "references": [{"name": "VU#179732", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/179732"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2014-0328", "datePublished": "2014-08-15T10:00:00", "dateReserved": "2013-12-05T00:00:00", "dateUpdated": "2024-08-06T09:13:10.160Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:cobham:ailor_6110_mini-c_gmdss:-:*:*:*:*:*:*:*", "matchCriteriaId": "DEA4C870-472D-4CE8-BAF7-B489DA48AC4E", "vulnerable": true}, {"criteria": "cpe:2.3:h:cobham:sailor_6006_message_terminal:-:*:*:*:*:*:*:*", "matchCriteriaId": "D85C2D45-B835-4374-B3AB-B3DE311BBFFA", "vulnerable": true}, {"criteria": "cpe:2.3:h:cobham:sailor_6222_vhf:-:*:*:*:*:*:*:*", "matchCriteriaId": "C6CDFC3D-35A7-4530-A253-62E5DF82F3CD", "vulnerable": true}, {"criteria": "cpe:2.3:h:cobham:sailor_6300_mf_\\/_hf:-:*:*:*:*:*:*:*", "matchCriteriaId": "0328B479-A9BA-49A9-B352-70D8816F4463", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The thraneLINK protocol implementation on Cobham devices does not verify firmware signatures, which allows attackers to execute arbitrary code by leveraging physical access or terminal access to send an SNMP request and a TFTP response."}, {"lang": "es", "value": "La implementaci\u00f3n del protocolo thraneLINK en los dispositivos Cobham no verifica las firmas de firmware, lo que permite a atacantes ejecutar c\u00f3digo arbitrario mediante el aprovechamiento del acceso f\u00edsico o acceso al terminal para enviar una solicitud SNMP y una respuesta TFTP."}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/347.html\">CWE-347: Improper Verification of Cryptographic Signature</a>", "id": "CVE-2014-0328", "lastModified": "2014-08-15T16:58:29.930", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-08-15T11:15:42.903", "references": [{"source": "cret@cert.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/179732"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}