search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Cobham Aviator satellite terminals contain multiple vulnerabilities

Vulnerability Note VU#882207

Original Release Date: 2014-08-07 | Last Revised: 2014-09-18


Cobham Aviator 700D and 700E satellite terminals contain multiple vulnerabilities.


Cobham Aviator 700D and 700E satellite communication terminals contain the following vulnerabilities:

CWE-327: Use of a Broken or Risky Cryptographic Algorithm - CVE-2014-2942 (Please note that the CVE for this vulnerability has been changed from CVE-2014-2943 to CVE-2014-2942 due to a duplicate CVE identifier.)
IOActive reports that Cobham satellite terminals utilize a risky algorithm to generate a PIN code for accessing the terminal. The algorithm is reversible and allows a local attacker to generate a superuser PIN code.

CWE-798: Use of Hard-coded Credentials - CVE-2014-2964
IOActive reports that certain privileged commands in the the satellite terminals require a password to execute. The commands debug, prod, do160, and flrp have hardcoded passwords. A local attacker may be able to gain unauthorized privileges using these commands.

The vendor Cobham has provided the following statement:
Cobham SATCOM has found that potential exploitation of the vulnerabilities presented requires either physical access to the equipment or connectivity to the maintenance part of the network, which also requires a physical presence at the terminal. Specifically, in the aeronautical world, there are very strict requirements for equipment installation and physical access to the equipment is restricted to authorized personnel.

The described hardcoded credentials are only accessible via the maintenance port connector on the front-plate and will require direct access to the equipment via a serial port. The SDU is installed in the avionics bay of the aircraft, and is not accessible for unauthorized personnel.

Cobham SATCOM will continue to evaluate any potential vulnerabilities with its equipment and implement increased security measures if required.


A local unauthenticated attacker may be able to gain full control of the satellite terminal.


The CERT/CC is currently unaware of a practical solution to this problem.

Vendor Information


Cobham plc Affected

Notified:  January 14, 2014 Updated: July 28, 2014



Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CVSS Metrics

Group Score Vector
Base 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C
Temporal 6.2 E:POC/RL:U/RC:C
Environmental 2.0 CDP:H/TD:L/CR:ND/IR:ND/AR:ND



Thanks to Ruben Santamarta for reporting this vulnerability.

This document was written by Chris King.

Other Information

CVE IDs: CVE-2014-2942, CVE-2014-2964
Date Public: 2014-08-07
Date First Published: 2014-08-07
Date Last Updated: 2014-09-18 18:16 UTC
Document Revision: 19

Sponsored by CISA.