Vulnerabilities > CVE-2014-2964 - Unspecified vulnerability in Cobham Aviator 700D and Aviator 700E

CVSS 6.9 - MEDIUM

Attack vector

LOCAL

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

cobham

NVD

Published: 2014-08-15

Updated: 2014-08-15

Summary

Cobham Aviator 700D and 700E satellite terminals have hardcoded passwords for the (1) debug, (2) prod, (3) do160, and (4) flrp programs, which allows physically proximate attackers to gain privileges by sending a password over a serial line. <a href="http://cwe.mitre.org/data/definitions/798.html">CWE-798: Use of Hard-coded Credentials</a>

Vulnerable Configurations

Part	Description	Count
Hardware	Cobham Cobham Aviator 700D - Cobham Aviator 700E -	2

References

http://www.kb.cert.org/vuls/id/882207