Vulnerability CVE-2014-0328


Published: 2014-08-15

Description:
The thraneLINK protocol implementation on Cobham devices does not verify firmware signatures, which allows attackers to execute arbitrary code by leveraging physical access or terminal access to send an SNMP request and a TFTP response.

Type:

CWE-Other

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Cobham -> Ailor 6110 mini-c gmdss 
Cobham -> Sailor 6006 message terminal 
Cobham -> Sailor 6222 vhf 
Cobham -> Sailor 6300 mf / hf 

 References:
http://www.kb.cert.org/vuls/id/179732

Copyright 2021, cxsecurity.com

 

Back to Top