Vulnerability Details: CVE-2018-19392
Potential exploit
Cobham Satcom Sailor 250 and 500 devices before 1.25 contained an unauthenticated password reset vulnerability. This could allow modification of any user account's password (including the default "admin" account), without prior knowledge of their password. All that is required is knowledge of the username and attack vector (/index.lua?pageID=Administration usernameAdmChange, passwordAdmChange1, and passwordAdmChange2 fields).
Vulnerability category: Bypass; Gain privilege
Products affected by CVE-2018-19392
- cpe:2.3:o:cobham:satcom_sailor_250_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:cobham:satcom_sailor_500_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-19392
- EPSS score: 0.97% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~75% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2018-19392
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | 
9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | 
CWE ids for CVE-2018-19392
- When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-19392
- https://cyberskr.com/blog/cobham-satcom-250-500.html
  CyberSKR - Cyber Security Consultancy
  Tags: Exploit; Third Party Advisory
- https://gist.github.com/CyberSKR/2dfd5dccb20a209ec4d35b2678bac0d4
  CVE-2018-19392: The Cobham Satcom Sailor 250 and Sailor 500 devices contained an unauthenticated password reset vulnerability. This could allow them to modify any user account's password (including th
  Tags: Third Party Advisory