CVE-2019-9534
Last modified
CVE-2019-9534 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image. Development scripts left in the firmware can be used to upload a custom firmware image that the device runs. EPSS estimates a 0.23% chance of exploitation in the next 30 days.
Description
The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image. Development scripts left in the firmware can be used to upload a custom firmware image that the device runs. This could allow an unauthenticated, local attacker to upload their own firmware that could be used to intercept or modify traffic, spoof or intercept GPS traffic, exfiltrate private data, hide a backdoor, or cause a denial-of-service.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cobham | Explorer 710 Firmware | 1.07 |
References
- https://kb.cert.org/vuls/id/719689/Third Party Advisory, US Government Resource
- https://kb.cert.org/vuls/id/719689/Third Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-9534?
How severe is CVE-2019-9534?
How do I fix CVE-2019-9534?
Are you affected by CVE-2019-9534?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST