Vulnerabilities > CVE-2014-0328 - Remote Code Execution vulnerability in Cobham thraneLINK

CVSS 9.3 - CRITICAL

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

cobham

critical

NVD

Published: 2014-08-15

Updated: 2014-08-15

Summary

The thraneLINK protocol implementation on Cobham devices does not verify firmware signatures, which allows attackers to execute arbitrary code by leveraging physical access or terminal access to send an SNMP request and a TFTP response. <a href="http://cwe.mitre.org/data/definitions/347.html">CWE-347: Improper Verification of Cryptographic Signature</a>

Vulnerable Configurations

Part	Description	Count
Hardware	Cobham Cobham Ailor 6110 Mini C Gmdss - Cobham Sailor 6006 Message Terminal - Cobham Sailor 6222 VHF - Cobham Sailor 6300 MF / HF -	4

References

http://www.kb.cert.org/vuls/id/179732