Vulnerability Details : CVE-2018-19393
Cobham Satcom Sailor 800 and 900 devices contained a vulnerability that allowed for arbitrary writing of content to the system's configuration file. This was exploitable via multiple attack vectors depending on the device's configuration. Further analysis also indicated this vulnerability could be leveraged to achieve a Denial of Service (DoS) condition, where the device would require a factory reset to return to normal operation.
Vulnerability category: Denial of service
Products affected by CVE-2018-19393
- cpe:2.3:o:cobham:satcom_sailor_800_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:cobham:satcom_sailor_900_firmware:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-19393
- 0.10%: Probability of exploitation activity in the next 30 days
- ~41%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-19393
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8 | HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C | 10.0 | 6.9 | NIST | |
7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2018-19393
- The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-19393
- https://cyberskr.com/blog/cobham-satcom-800-900.html
  CyberSKR - Cyber Security Consultancy (Third Party Advisory)
- https://gist.github.com/CyberSKR/1ade6d887039465d635e27fcbcc817a3
  CVE-2018-19393: The Cobham Satcom Sailor 800 and Sailor 900 devices contained a vulnerability that allowed for arbitrary writing of content to the system's configuration file. · GitHub (Third Party Advisory)