CERT Coordination Center


Datum Systems satellite modem devices contain multiple vulnerabilities

Vulnerability Note VU#917348

Original Release Date: 2014-07-11 | Last Revised: 2014-08-14

Overview

Datum Systems PSM-4500 and PSM-500 series satellite modem devices contain multiple vulnerabilities.

Description

CWE-220: Sensitive Data Under FTP Root - CVE-2014-2950

The Datum Systems SnIP operating system on PSM-4500 and PSM-500 satellite modem devices has FTP enabled by default with no credentials required, which allows open access to sensitive areas of the file system.

CWE-798: Use of Hard-coded Credentials - CVE-2014-2951

The Datum Systems SnIP operating system on PSM-4500 and PSM-500 satellite modem devices has an undocumented admin user account with the password of admin.

Impact

A remote unauthenticated attacker may be able to gain full control of the device.

Solution

The CERT/CC is currently unaware of a practical solution to this problem.

Vendor Information

Datum Systems

Notified:  May 16, 2014 Updated:  July 09, 2014

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C
Temporal 8.1 E:POC/RL:U/RC:UC
Environmental 2 CDP:N/TD:L/CR:ND/IR:ND/AR:ND

Credit

Thanks to Narendra Shinde and Ashish Kamble from Qualys Inc. for reporting this vulnerability.

This document was written by Chris King.

Other Information

CVE IDs: CVE-2014-2950, CVE-2014-2951
Date Public: 2014-07-11
Date First Published: 2014-07-11
Date Last Updated: 2014-08-14 04:25 UTC
Document Revision: 14

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.