CVE-2014-2964

{"id": "CVE-2014-2964", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-08-15T11:15:43.090", "references": [{"url": "http://www.kb.cert.org/vuls/id/882207", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cret@cert.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cobham Aviator 700D and 700E satellite terminals have hardcoded passwords for the (1) debug, (2) prod, (3) do160, and (4) flrp programs, which allows physically proximate attackers to gain privileges by sending a password over a serial line."}, {"lang": "es", "value": "Los terminales de sat\u00e9lite Cobham Aviator 700D y 700E tiene contrase\u00f1as embebidas para los programas (1) debug, (2) prod, (3) do160, y (4) flrp, lo que permite a atacantes f\u00edsicamente pr\u00f3ximos ganar privilegios mediante el env\u00edo de una contrase\u00f1a por una l\u00ednea de seriales."}], "lastModified": "2014-08-15T17:38:54.657", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cobham:aviator_700d:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD3FE641-E175-4CC4-90BF-955B1C0217F3"}, {"criteria": "cpe:2.3:h:cobham:aviator_700e:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4DF6EB81-6E66-4462-98AE-44DD641BCC90"}], "operator": "OR"}]}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/798.html\">CWE-798: Use of Hard-coded Credentials</a>", "sourceIdentifier": "cret@cert.org"}