Vulnerability-Lookup

CVE-2019-9529 (GCVE-0-2019-9529)

Vulnerability from cvelistv5 – Published: 2019-10-10 20:09 – Updated: 2024-09-16 20:07

Title

The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default

Summary

Severity ?

No CVSS data available.

CWE

CWE-284 - Improper Access Control

Assigner

certcc

References

URL

	Vendor	Product	Version
	Cobham plc	Explorer 710	Affected: 1.07

FKIE_CVE-2019-9529

Vulnerability from fkie_nvd - Published: 2019-10-10 20:15 - Updated: 2024-11-21 04:51

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Summary

References

	URL	Tags
	cret@cert.org	https://kb.cert.org/vuls/id/719689/	Third Party Advisory, US Government Resource
	af854a3a-2127-422b-91ae-364da2661108	https://kb.cert.org/vuls/id/719689/	Third Party Advisory, US Government Resource

Impacted products

	Vendor	Product	Version
	cobham	explorer_710_firmware	1.07
	cobham	explorer_710	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cobham:explorer_710_firmware:1.07:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADA493F5-3AA0-4A1E-81CD-1AE01B9BD4D8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cobham:explorer_710:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEF6DB4B-2304-4E4C-92A1-BAF622E39BF1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default. This could allow an unauthenticated, local attacker connected to the device to access the portal and to make any change to the device."
    },
    {
      "lang": "es",
      "value": "El portal de aplicaciones web del Cobham EXPLORER 710, versi\u00f3n de firmware 1.07, no presenta autenticaci\u00f3n por defecto. Esto podr\u00eda permitir que un atacante local no autenticado conectado al dispositivo acceda al portal y realice cualquier cambio en el dispositivo."
    }
  ],
  "id": "CVE-2019-9529",
  "lastModified": "2024-11-21T04:51:47.767",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "confidentialityImpact": "NONE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-10-10T20:15:11.207",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://kb.cert.org/vuls/id/719689/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://kb.cert.org/vuls/id/719689/"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "cret@cert.org",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2019-9529

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-9529

Aliases

CVE-2019-9529

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-9529",
    "description": "The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default. This could allow an unauthenticated, local attacker connected to the device to access the portal and to make any change to the device.",
    "id": "GSD-2019-9529"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-9529"
      ],
      "details": "The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default. This could allow an unauthenticated, local attacker connected to the device to access the portal and to make any change to the device.",
      "id": "GSD-2019-9529",
      "modified": "2023-12-13T01:23:47.665269Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cert@cert.org",
        "DATE_PUBLIC": "2019-10-09T04:00:00.000Z",
        "ID": "CVE-2019-9529",
        "STATE": "PUBLIC",
        "TITLE": "The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Explorer 710",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_name": "1.07",
                          "version_value": "1.07"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Cobham plc"
            }
          ]
        }
      },
      "credit": [
        {
          "lang": "eng",
          "value": "This issue was found by Kyle O\u0027Meara and David Belasco."
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default. This could allow an unauthenticated, local attacker connected to the device to access the portal and to make any change to the device."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.0.8"
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-284 Improper Access Control"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "VU#719689",
            "refsource": "CERT-VN",
            "url": "https://kb.cert.org/vuls/id/719689/"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cobham:explorer_710_firmware:1.07:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cobham:explorer_710:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2019-9529"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default. This could allow an unauthenticated, local attacker connected to the device to access the portal and to make any change to the device."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-306"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#719689",
              "refsource": "CERT-VN",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://kb.cert.org/vuls/id/719689/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "confidentialityImpact": "NONE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-10-21T15:57Z",
      "publishedDate": "2019-10-10T20:15Z"
    }
  }
}

VAR-201910-0316

Vulnerability from variot - Updated: 2024-03-18 22:14

The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default. This could allow an unauthenticated, local attacker connected to the device to access the portal and to make any change to the device. CERT/CC researchers examined the satcom terminal Cobham EXPLORER 710 as an expansion of work from IOActive’s findings in 2014. Cobham EXPLORER 710 is a portable satellite communications terminal used for satellite communications and Internet access. Cobham EXPLORER 710 The following multiple vulnerabilities exist in. CVE-2019-9530 There are no access restrictions on the document root directory of the product. Therefore, arbitrary files may be accessed by an attacker within the local network. CVE-2019-9531 Of the product 5454/tcp without authenticating to the port telnet connection is possible and telnet After connecting, 86 kind of Attention (AT) It is possible to execute commands. CVE-2019-9532 Of the product Web The interface sends the password for login in clear text. Therefore, password information may be stolen by an attacker within the local network. CVE-2019-9533 Firmware of the product v1.08 and all previous versions, the same root A password is used. By analyzing any applicable version of the firmware, an attacker can root It is possible to steal passwords. CVE-2019-9534 This product does not perform firmware image verification. Additionally, a development script left in the firmware allows you to upload and run a custom firmware image. Therefore, attackers within the local network can install tampered firmware, modify or steal communication content, install backdoors, and disrupt service operations. (DoS) Attacks may occur. In addition CERT/CC According to WiFi Because the password is set as HTTP It lacks headers and is also vulnerable to cross-site scripting and clickjacking attacks. These vulnerabilities are 2014 carried out in IOActive ’ s findings As a series of studies on CERT/CC newly discovered by researchers.The potential impact will vary for each vulnerability, but you may be affected by: * Leakage or falsification of information - CVE-2019-9529 , CVE-2019-9530 , CVE-2019-9531 , CVE-2019-9532 , CVE-2019-9533 , CVE-2019-9534 Execute arbitrary command - CVE-2019-9531 Service operation interruption (DoS) - CVE-2019-9534

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201910-0316",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "explorer 710",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cobham",
        "version": "1.07"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cobham plc",
        "version": null
      },
      {
        "model": "explorer 710",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cobham plc",
        "version": null
      },
      {
        "model": "explorer 710",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cobham plc",
        "version": "cobham explorer 710  firmware    1.07"
      },
      {
        "model": "explorer 710",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "cobham plc",
        "version": "cobham explorer 710  firmware    1.08  and earlier"
      },
      {
        "model": "plc explorer",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cobham",
        "version": "7101.07"
      },
      {
        "model": "explorer 710",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cobham",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "explorer 710",
        "version": "1.07"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "82aebd54-6b37-4700-91c2-0a6170c7658f"
      },
      {
        "db": "CERT/CC",
        "id": "VU#719689"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-35795"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010367"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-702"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9529"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cobham:explorer_710_firmware:1.07:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cobham:explorer_710:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-9529"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "This document was written by Kyle O\u0027Meara and David Belasco of the CERT Coordination Center of the Carnegie Mellon Software Engineering Institute.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-702"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-9529",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 6.9,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2019-9529",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2019-35795",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "82aebd54-6b37-4700-91c2-0a6170c7658f",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 1.8,
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-9529",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-9529",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-9529",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-35795",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201910-702",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "82aebd54-6b37-4700-91c2-0a6170c7658f",
            "trust": 0.2,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "82aebd54-6b37-4700-91c2-0a6170c7658f"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-35795"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010367"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-702"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9529"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default. This could allow an unauthenticated, local attacker connected to the device to access the portal and to make any change to the device. CERT/CC researchers examined the satcom terminal Cobham EXPLORER 710 as an expansion of work from IOActive\u2019s findings in 2014. Cobham EXPLORER 710 is a portable satellite communications terminal used for satellite communications and Internet access. Cobham EXPLORER 710 The following multiple vulnerabilities exist in. CVE-2019-9530 There are no access restrictions on the document root directory of the product. Therefore, arbitrary files may be accessed by an attacker within the local network. CVE-2019-9531 Of the product 5454/tcp without authenticating to the port telnet connection is possible and telnet After connecting, 86 kind of Attention (AT) It is possible to execute commands. CVE-2019-9532 Of the product Web The interface sends the password for login in clear text. Therefore, password information may be stolen by an attacker within the local network. CVE-2019-9533 Firmware of the product v1.08 and all previous versions, the same root A password is used. By analyzing any applicable version of the firmware, an attacker can root It is possible to steal passwords. CVE-2019-9534 This product does not perform firmware image verification. Additionally, a development script left in the firmware allows you to upload and run a custom firmware image. Therefore, attackers within the local network can install tampered firmware, modify or steal communication content, install backdoors, and disrupt service operations. (DoS) Attacks may occur. In addition CERT/CC According to WiFi Because the password is set as HTTP It lacks headers and is also vulnerable to cross-site scripting and clickjacking attacks. These vulnerabilities are 2014 carried out in IOActive \u2019 s findings As a series of studies on CERT/CC newly discovered by researchers.The potential impact will vary for each vulnerability, but you may be affected by: * Leakage or falsification of information - CVE-2019-9529 , CVE-2019-9530 , CVE-2019-9531 , CVE-2019-9532 , CVE-2019-9533 , CVE-2019-9534* Execute arbitrary command - CVE-2019-9531* Service operation interruption (DoS) - CVE-2019-9534",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-9529"
      },
      {
        "db": "CERT/CC",
        "id": "VU#719689"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010367"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-35795"
      },
      {
        "db": "IVD",
        "id": "82aebd54-6b37-4700-91c2-0a6170c7658f"
      }
    ],
    "trust": 3.06
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-9529",
        "trust": 4.0
      },
      {
        "db": "CERT/CC",
        "id": "VU#719689",
        "trust": 3.2
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-35795",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-702",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU98031944",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010367",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "82AEBD54-6B37-4700-91C2-0A6170C7658F",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "82aebd54-6b37-4700-91c2-0a6170c7658f"
      },
      {
        "db": "CERT/CC",
        "id": "VU#719689"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-35795"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010367"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-702"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9529"
      }
    ]
  },
  "id": "VAR-201910-0316",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "82aebd54-6b37-4700-91c2-0a6170c7658f"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-35795"
      }
    ],
    "trust": 1.8
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT",
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      },
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "82aebd54-6b37-4700-91c2-0a6170c7658f"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-35795"
      }
    ]
  },
  "last_update_date": "2024-03-18T22:14:34.859000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Ultra-Portable\u00a0BGAN\u00a0EXPLORER\u00a0710",
        "trust": 0.8,
        "url": "https://www.cobham.com/communications-and-connectivity/satcom/land-mobile-satcom-systems/ultra-portable-bgan/explorer-710/"
      },
      {
        "title": "Patch for Cobham plc EXPLORER 710 has an unknown vulnerability (CNVD-2019-35795)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/185637"
      },
      {
        "title": "Cobham plc EXPLORER 710 Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99312"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-35795"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010367"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-702"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-306",
        "trust": 1.0
      },
      {
        "problemtype": "Lack of authentication for critical features (CWE-306) [NVD evaluation ]",
        "trust": 0.8
      },
      {
        "problemtype": " others (CWE-Other) [NVD evaluation ]",
        "trust": 0.8
      },
      {
        "problemtype": " Inappropriate authentication (CWE-287) [NVD evaluation ]",
        "trust": 0.8
      },
      {
        "problemtype": " Sending important information in clear text (CWE-319) [NVD evaluation ]",
        "trust": 0.8
      },
      {
        "problemtype": " Use hard-coded credentials (CWE-798) [NVD evaluation ]",
        "trust": 0.8
      },
      {
        "problemtype": " Incomplete integrity verification of downloaded code (CWE-494) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010367"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9529"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "https://ioactive.com/pdfs/ioactive_satcom_security_whitepaper.pdf"
      },
      {
        "trust": 2.2,
        "url": "https://www.owasp.org/index.php/clickjacking"
      },
      {
        "trust": 2.2,
        "url": "https://www.owasp.org/index.php/content_security_policy"
      },
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9529"
      },
      {
        "trust": 1.6,
        "url": "https://kb.cert.org/vuls/id/719689/"
      },
      {
        "trust": 1.4,
        "url": "https://www.cobham.com/communications-and-connectivity/satcom/land-mobile-satcomsystems/ultra-portable-bgan/explorer-710/"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu98031944/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9530"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9531"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9532"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9533"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9534"
      },
      {
        "trust": 0.8,
        "url": "https://www.kb.cert.org/vuls/id/719689/"
      },
      {
        "trust": 0.6,
        "url": "https://www.kb.cert.org/vuls/id/719689"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#719689"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-35795"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010367"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-702"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9529"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "82aebd54-6b37-4700-91c2-0a6170c7658f"
      },
      {
        "db": "CERT/CC",
        "id": "VU#719689"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-35795"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-010367"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-702"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-9529"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-18T00:00:00",
        "db": "IVD",
        "id": "82aebd54-6b37-4700-91c2-0a6170c7658f"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "CERT/CC",
        "id": "VU#719689"
      },
      {
        "date": "2019-10-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-35795"
      },
      {
        "date": "2019-10-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-010367"
      },
      {
        "date": "2019-10-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201910-702"
      },
      {
        "date": "2019-10-10T20:15:11.207000",
        "db": "NVD",
        "id": "CVE-2019-9529"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#719689"
      },
      {
        "date": "2019-10-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-35795"
      },
      {
        "date": "2024-03-05T08:16:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-010367"
      },
      {
        "date": "2019-12-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201910-702"
      },
      {
        "date": "2019-10-21T15:57:29.600000",
        "db": "NVD",
        "id": "CVE-2019-9529"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-702"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple vulnerabilities found in the Cobham EXPLORER 710 satcom terminal",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#719689"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Access control error",
    "sources": [
      {
        "db": "IVD",
        "id": "82aebd54-6b37-4700-91c2-0a6170c7658f"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201910-702"
      }
    ],
    "trust": 0.8
  }
}

GHSA-GC98-JRPR-JWQX

Vulnerability from github – Published: 2022-05-24 16:58 – Updated: 2024-04-04 02:21

Details

Severity ?

5.5 (Medium)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-9529"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284",
      "CWE-306"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-10-10T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The web application portal of the Cobham EXPLORER 710, firmware version 1.07, has no authentication by default. This could allow an unauthenticated, local attacker connected to the device to access the portal and to make any change to the device.",
  "id": "GHSA-gc98-jrpr-jwqx",
  "modified": "2024-04-04T02:21:24Z",
  "published": "2022-05-24T16:58:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9529"
    },
    {
      "type": "WEB",
      "url": "https://kb.cert.org/vuls/id/719689"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2019-35795

Vulnerability from cnvd - Published: 2019-10-18

Title

Cobham plc EXPLORER 710存在未明漏洞（CNVD-2019-35795）

Description

Cobham plc EXPLORER 710是英国Cobham plc公司的一款便携式卫星终端设备。该产品主要提供卫星通信和互联网访问等功能。使用1.07版本固件的Cobham plc EXPLORER 710中的Web应用程序门户存在安全漏洞，该漏洞源于在默认情况下程序未能进行身份验证。本地攻击者可利用该漏洞访问该门户并对设备进行任意修改。

Severity

高

Patch Name

Cobham plc EXPLORER 710存在未明漏洞（CNVD-2019-35795）的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页： https://www.cobham.com

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-9529

Impacted products

Name
Cobham plc EXPLORER 710 1.07

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-9529"
    }
  },
  "description": "Cobham plc EXPLORER 710\u662f\u82f1\u56fdCobham plc\u516c\u53f8\u7684\u4e00\u6b3e\u4fbf\u643a\u5f0f\u536b\u661f\u7ec8\u7aef\u8bbe\u5907\u3002\u8be5\u4ea7\u54c1\u4e3b\u8981\u63d0\u4f9b\u536b\u661f\u901a\u4fe1\u548c\u4e92\u8054\u7f51\u8bbf\u95ee\u7b49\u529f\u80fd\u3002\n\n\u4f7f\u75281.07\u7248\u672c\u56fa\u4ef6\u7684Cobham plc EXPLORER 710\u4e2d\u7684Web\u5e94\u7528\u7a0b\u5e8f\u95e8\u6237\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u9ed8\u8ba4\u60c5\u51b5\u4e0b\u7a0b\u5e8f\u672a\u80fd\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u8be5\u95e8\u6237\u5e76\u5bf9\u8bbe\u5907\u8fdb\u884c\u4efb\u610f\u4fee\u6539\u3002",
  "discovererName": "by Kyle O\u0027Meara and David Belasco of the CERT Coordination Center of the Carnegie Mellon Software Engineering Institute",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://www.cobham.com",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-35795",
  "openTime": "2019-10-18",
  "patchDescription": "Cobham plc EXPLORER 710\u662f\u82f1\u56fdCobham plc\u516c\u53f8\u7684\u4e00\u6b3e\u4fbf\u643a\u5f0f\u536b\u661f\u7ec8\u7aef\u8bbe\u5907\u3002\u8be5\u4ea7\u54c1\u4e3b\u8981\u63d0\u4f9b\u536b\u661f\u901a\u4fe1\u548c\u4e92\u8054\u7f51\u8bbf\u95ee\u7b49\u529f\u80fd\u3002\r\n\r\n\u4f7f\u75281.07\u7248\u672c\u56fa\u4ef6\u7684Cobham plc EXPLORER 710\u4e2d\u7684Web\u5e94\u7528\u7a0b\u5e8f\u95e8\u6237\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u9ed8\u8ba4\u60c5\u51b5\u4e0b\u7a0b\u5e8f\u672a\u80fd\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u8be5\u95e8\u6237\u5e76\u5bf9\u8bbe\u5907\u8fdb\u884c\u4efb\u610f\u4fee\u6539\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cobham plc EXPLORER 710\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2019-35795\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Cobham plc EXPLORER 710 1.07"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-9529",
  "serverity": "\u9ad8",
  "submitTime": "2019-10-12",
  "title": "Cobham plc EXPLORER 710\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2019-35795\uff09"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-9529 (GCVE-0-2019-9529)

FKIE_CVE-2019-9529

GSD-2019-9529

VAR-201910-0316

GHSA-GC98-JRPR-JWQX

CNVD-2019-35795

Tags

Sightings

Nomenclature