The British Airways Entertainment System, as installed on Boeing 777-36N(ER) and possibly other aircraft, does not prevent the USB…
mitre·CWE-119·Published 2019-02-22
The British Airways Entertainment System, as installed on Boeing 777-36N(ER) and possibly other aircraft, does not prevent the USB charging/data-transfer feature from interacting with USB keyboard and mouse devices, which allows physically proximate attackers to conduct unanticipated attacks against Entertainment applications, as demonstrated by using mouse copy-and-paste actions to trigger a Chat buffer overflow or possibly have unspecified other impact.
The British Airways Entertainment System, as installed on Boeing 777-36N(ER) and possibly other aircraft, does not prevent the USB charging/data-transfer feature from interacting with USB keyboard and mouse devices, which allows physically proximate attackers to conduct unanticipated attacks against Entertainment applications, as demonstrated by using mouse copy-and-paste actions to trigger a Chat buffer overflow or possibly have unspecified other impact.
British Airways Entertainment System, tal y como está instalado en Boeing 777-36N(ER) y, posiblemente, en otras aeronaves, no evita que la funcionalidad de carga/transferencia de datos por USB interactúe con los dispositivos USB de teclado y ratón, lo que permite que atacantes físicamente cercanos lleven a cabo ataques no anticipados contra las aplicaciones de Entertainment. Esto queda demostrado por el uso de acciones de copiar y pegar del ratón para desencadenar un desbordamiento de búfer del Chat o, posiblemente, otro tipo de impacto sin especificar.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 4.6 | 3.9 | 6.4 | AV:L/AC:L/Au:N/C:P/I:P/A:P |
| 3.0 | Primary | NVD | 6.8 | 0.9 | 5.9 | CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |