CVE-2019-9019
MEDIUMBritish Airways Entertainment System - Buffer Overflow via USB HID Input
Title source: llmDescription
The British Airways Entertainment System, as installed on Boeing 777-36N(ER) and possibly other aircraft, does not prevent the USB charging/data-transfer feature from interacting with USB keyboard and mouse devices, which allows physically proximate attackers to conduct unanticipated attacks against Entertainment applications, as demonstrated by using mouse copy-and-paste actions to trigger a Chat buffer overflow or possibly have unspecified other impact.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.linkedin.com/pulse/buffer-overflow-exploitation-british-airways-system-marco-gisbert/
Scores
CVSS v3
6.8
EPSS
0.0048
EPSS Percentile
37.9%
Attack Vector
PHYSICAL
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
Status
published
Products (1)
british_airways/entertainment_system
Published
Feb 22, 2019
Tracked Since
Feb 18, 2026