CVE-2019-9019 — MEDIUM (6.8)

Vulnerability Description

The British Airways Entertainment System, as installed on Boeing 777-36N(ER) and possibly other aircraft, does not prevent the USB charging/data-transfer feature from interacting with USB keyboard and mouse devices, which allows physically proximate attackers to conduct unanticipated attacks against Entertainment applications, as demonstrated by using mouse copy-and-paste actions to trigger a Chat buffer overflow or possibly have unspecified other impact.

CVSS Score

6.8

MEDIUM

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
British Airways	Entertainment System	-

Related Weaknesses (CWE)

CWE-119

References

https://www.linkedin.com/pulse/buffer-overflow-exploitation-british-airways-systExploitThird Party Advisory
https://www.linkedin.com/pulse/buffer-overflow-exploitation-british-airways-systExploitThird Party Advisory

FAQ

What is CVE-2019-9019?

CVE-2019-9019 is a vulnerability with a CVSS score of 6.8 (MEDIUM). The British Airways Entertainment System, as installed on Boeing 777-36N(ER) and possibly other aircraft, does not prevent the USB charging/data-transfer feature from interacting with USB keyboard and...

How severe is CVE-2019-9019?

CVE-2019-9019 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-9019?

Check the references section above for vendor advisories and patch information. Affected products include: British Airways Entertainment System.