CVE-2014-0328
Severity: Unknown | EPSS: 2.76%
CVE-2014-0328 is a vulnerability of currently unknown severity. The thraneLINK protocol implementation on Cobham devices does not verify firmware signatures, which allows attackers to execute arbitrary code by leveraging physical access or terminal access to send an SNMP request and a TFTP response. EPSS estimates a 2.76% chance of exploitation in the next 30 days.
Description
The thraneLINK protocol implementation on Cobham devices does not verify firmware signatures, which allows attackers to execute arbitrary code by leveraging physical access or terminal access to send an SNMP request and a TFTP response.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cobham | Sailor 6110 Mini-C Gmdss | All versions |
| Cobham | Sailor 6006 Message Terminal | All versions |
| Cobham | Sailor 6222 Vhf | All versions |
| Cobham | Sailor 6300 Mf / Hf | All versions |
References
- http://www.kb.cert.org/vuls/id/179732 (Third Party Advisory, US Government Resource)
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2014-0328?
The thraneLINK protocol implementation on Cobham devices does not verify firmware signatures, which allows attackers to execute arbitrary code by leveraging physical access or terminal access to send an SNMP request and a TFTP response.
How severe is CVE-2014-0328?
Severity scoring for CVE-2014-0328 is pending analysis. The EPSS model estimates a 2.76% probability of exploitation in the next 30 days.
How do I fix CVE-2014-0328?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Source: NVD / NIST
