British Airways Entertainment System affected by Privilege Escalation Flaw

0

Of late a quiet crucial vulnerability has been reported in the British Airways Entertainment System. This vulnerability has also been classified as crucial. The problem that has become a matter of concern is a privilege escalation vulnerability existing in the entertainment system of the renowned airlines.

The issue revolves around the fact that a component tracked as CVE-2019-9019, is a security flaw that tends to affect significantly all the British Airways Entertainment Systems that are installed on Boeing 777-36N (ER) as well as in certain other aircraft also. Affected by this crucial issue is a part of the component USB handler.

As per the reports in the CVE database maintained by MITRE, the issue fails to prevent the USB charging or the, in other words, the data transfer features from interacting with the USB keyboard and the mouse devices. This issue carries the danger of allowing proximate physical attackers to carry out an unanticipated attack against the entertainment application of the airlines.

Image Credits – https://www.maxpixel.net

Any local unauthenticated attacker could potentially exploit this flaw. This major crucial issue can even lead to a chat buffer overflow and also lead to many unknown impacts as well that would stand as a threat to the dignity of the airlines.

This flaw is not an ordinary one and is something that cannot be overlooked as apart from triggering a buffer overflow, the flaw can also lead to a crash in the application of the entertainment system of the airlines.

Hector Marco Gisbert, who holds the position of associate professor in Cybersecurity and Networks at the University of West Scotland, is of the view that carrying out a potential attack on the application through the use of just the mouse is quite a time taking the task. He further states that the use of ASCII acts as a challenge to create a working ROP attack on the applications.

LEAVE A REPLY

Please enter your comment!
Please enter your name here