{"api_version":"1","generated_at":"2026-05-11T15:23:51+00:00","cve":"CVE-2014-2964","urls":{"html":"https://cve.report/CVE-2014-2964","api":"https://cve.report/api/cve/CVE-2014-2964.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2014-2964","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2014-2964"},"summary":{"title":"CVE-2014-2964","description":"Cobham Aviator 700D and 700E satellite terminals have hardcoded passwords for the (1) debug, (2) prod, (3) do160, and (4) flrp programs, which allows physically proximate attackers to gain privileges by sending a password over a serial line.","state":"PUBLISHED","assigner":"certcc","published_at":"2014-08-15 11:15:43","updated_at":"2026-05-06 22:30:45"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"6.9","severity":"","vector":"AV:L/AC:M/Au:N/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:C/I:C/A:C","baseScore":6.9,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"http://www.kb.cert.org/vuls/id/882207","name":"http://www.kb.cert.org/vuls/id/882207","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"],"title":"Vulnerability Note VU#882207 - Cobham Aviator satellite terminals contain multiple vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2014-2964","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-2964","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2014","cve_id":"2964","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"cobham","cpe5":"aviator_700d","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"2964","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"cobham","cpe5":"aviator_700e","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T10:28:46.049Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"VU#882207","tags":["third-party-advisory","x_refsource_CERT-VN","x_transferred"],"url":"http://www.kb.cert.org/vuls/id/882207"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2014-08-07T00:00:00.000Z","descriptions":[{"lang":"en","value":"Cobham Aviator 700D and 700E satellite terminals have hardcoded passwords for the (1) debug, (2) prod, (3) do160, and (4) flrp programs, which allows physically proximate attackers to gain privileges by sending a password over a serial line."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2014-08-15T01:57:00.000Z","orgId":"37e5125f-f79b-445b-8fad-9564f167944b","shortName":"certcc"},"references":[{"name":"VU#882207","tags":["third-party-advisory","x_refsource_CERT-VN"],"url":"http://www.kb.cert.org/vuls/id/882207"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cert@cert.org","ID":"CVE-2014-2964","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cobham Aviator 700D and 700E satellite terminals have hardcoded passwords for the (1) debug, (2) prod, (3) do160, and (4) flrp programs, which allows physically proximate attackers to gain privileges by sending a password over a serial line."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"VU#882207","refsource":"CERT-VN","url":"http://www.kb.cert.org/vuls/id/882207"}]}}}},"cveMetadata":{"assignerOrgId":"37e5125f-f79b-445b-8fad-9564f167944b","assignerShortName":"certcc","cveId":"CVE-2014-2964","datePublished":"2014-08-15T10:00:00.000Z","dateReserved":"2014-04-21T00:00:00.000Z","dateUpdated":"2024-08-06T10:28:46.049Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2014-08-15 11:15:43","lastModifiedDate":"2026-05-06 22:30:45","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:C/I:C/A:C","baseScore":6.9,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.4,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:h:cobham:aviator_700d:-:*:*:*:*:*:*:*","matchCriteriaId":"BD3FE641-E175-4CC4-90BF-955B1C0217F3"},{"vulnerable":true,"criteria":"cpe:2.3:h:cobham:aviator_700e:-:*:*:*:*:*:*:*","matchCriteriaId":"4DF6EB81-6E66-4462-98AE-44DD641BCC90"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2014","CveId":"2964","Ordinal":"1","Title":"CVE-2014-2964","CVE":"CVE-2014-2964","Year":"2014"},"notes":[{"CveYear":"2014","CveId":"2964","Ordinal":"1","NoteData":"Cobham Aviator 700D and 700E satellite terminals have hardcoded passwords for the (1) debug, (2) prod, (3) do160, and (4) flrp programs, which allows physically proximate attackers to gain privileges by sending a password over a serial line.","Type":"Description","Title":"CVE-2014-2964"},{"CveYear":"2014","CveId":"2964","Ordinal":"2","NoteData":"2014-08-15","Type":"Other","Title":"Published"},{"CveYear":"2014","CveId":"2964","Ordinal":"3","NoteData":"2014-08-14","Type":"Other","Title":"Modified"}]}}}