The thraneLINK protocol implementation on Cobham devices does not verify firmware signatures, which allows attackers to execute arbitrary code by leveraging physical access or terminal access to send an SNMP request and a TFTP response.
References
Link | Resource |
---|---|
http://www.kb.cert.org/vuls/id/179732 | Third Party Advisory US Government Resource |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: certcc
Published: 2014-08-15T10:00:00
Updated: 2014-08-15T01:57:00
Reserved: 2013-12-05T00:00:00
Link: CVE-2014-0328
JSON object: View
NVD Information
Status : Analyzed
Published: 2014-08-15T11:15:42.903
Modified: 2014-08-15T16:58:29.930
Link: CVE-2014-0328
JSON object: View
Redhat Information
No data.
CWE