{"vuid":"VU#917348","idnumber":"917348","name":"Datum Systems satellite modem devices contain multiple vulnerabilities","keywords":["datum","psm-4500","psm-500","satellite","cwe-220","cwe-798","satcom"],"overview":"Datum Systems PSM-4500 and PSM-500 series satellite modem devices contain multiple vulnerabilities","clean_desc":"CWE-220: Sensitive Data Under FTP Root - CVE-2014-2950\nThe Datum Systems SnIP operating system on PSM-4500 and PSM-500 satellite modem devices has FTP enabled by default with no credentials required, which allows open access to sensitive areas of the file system. CWE-798: Use of Hard-coded Credentials - CVE-2014-2951\nThe Datum Systems SnIP operating system on PSM-4500 and PSM-500 satellite modem devices has an undocumented admin user account with the password of admin.","impact":"A remote unauthenticated attacker may be able to gain full control of the device.","resolution":"The CERT/CC is currently unaware of a practical solution to this problem.","workarounds":"","sysaffected":"","thanks":"Thanks to Narendra Shinde and Ashish Kamble from Qualys Inc. for reporting this vulnerability","author":"This document was written by Chris King.","public":["http://www.datumsystems.com/products","http://cwe.mitre.org/data/definitions/798.html","http://cwe.mitre.org/data/definitions/220.html"],"cveids":["CVE-2014-2950","CVE-2014-2951"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2014-05-05T11:46:58Z","publicdate":"2014-07-11T00:00:00Z","datefirstpublished":"2014-07-11T17:42:37Z","dateupdated":"2014-08-14T04:25:09Z","revision":14,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"L","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"C","cvss_availabilityimpact":"C","cvss_exploitablity":null,"cvss_remediationlevel":"U","cvss_reportconfidence":"UC","cvss_collateraldamagepotential":"N","cvss_targetdistribution":"L","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"10","cvss_basevector":"AV:N/AC:L/Au:N/C:C/I:C/A:C","cvss_temporalscore":"8.1","cvss_environmentalscore":"2.0238851808","cvss_environmentalvector":"CDP:N/TD:L/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}