CVE-2013-6035

The firmware on GateHouse; Harris BGAN RF-7800B-VU204 and BGAN RF-7800B-DU204; Hughes Network Systems 9201, 9450, and 9502; Inmarsat; Japan Radio JUE-250 and JUE-500; and Thuraya IP satellite terminals does not require authentication for sessions on TCP port 1827, which allows remote attackers to execute arbitrary code via unspecified protocol operations.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.kb.cert.org/vuls/id/250358	US Government Resource

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:japan_radio:jue-250:-:::::::*
	cpe:2.3:h:japan_radio:jue-500:-:::::::*
	cpe:2.3:h:thuraya_telecommunications:ip:-:::::::*
	cpe:2.3:h:gatehouse:gatehouse:-:::::::*
	cpe:2.3:h:harris:bgan:rf-7800b-vu204:::::::*
	cpe:2.3:h:hughes_network_systems:9201:-:::::::*
	cpe:2.3:h:hughes_network_systems:9502:-:::::::*
	cpe:2.3:h:harris:bgan:rf-7800b-du204:::::::*
	cpe:2.3:h:hughes_network_systems:9450:-:::::::*
	cpe:2.3:h:inmarsat:inmarsat:-:::::::*

Information

Published : 2014-02-03 21:39

Updated : 2014-02-04 08:26

NVD link : CVE-2013-6035

Mitre link : CVE-2013-6035

JSON object : View

CWE

CWE-287

Improper Authentication

Advertisement

Products Affected

hughes_network_systems

9450
9502
9201

thuraya_telecommunications

ip

inmarsat

inmarsat

japan_radio

jue-250
jue-500

harris

bgan

gatehouse

gatehouse

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.kb.cert.org/vuls/id/250358", "name": "VU#250358", "tags": ["US Government Resource"], "refsource": "CERT-VN"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The firmware on GateHouse; Harris BGAN RF-7800B-VU204 and BGAN RF-7800B-DU204; Hughes Network Systems 9201, 9450, and 9502; Inmarsat; Japan Radio JUE-250 and JUE-500; and Thuraya IP satellite terminals does not require authentication for sessions on TCP port 1827, which allows remote attackers to execute arbitrary code via unspecified protocol operations."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-287"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2013-6035", "ASSIGNER": "cert@cert.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "acInsufInfo": true, "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2014-02-04T05:39Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:japan_radio:jue-250:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:japan_radio:jue-500:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:thuraya_telecommunications:ip:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:gatehouse:gatehouse:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:harris:bgan:rf-7800b-vu204:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:hughes_network_systems:9201:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:hughes_network_systems:9502:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:harris:bgan:rf-7800b-du204:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:hughes_network_systems:9450:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:inmarsat:inmarsat:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2014-02-04T16:26Z"}