CVE Vulnerability

CVE-2018-19392

Cobham Satcom Sailor 250 and 500 devices before 1.25 contained an unauthenticated password reset vulnerability. This could allow modification of any user account's password (including the default "admin" account), without prior knowledge of their password. All that is required is knowledge of the username and attack vector (/index.lua?pageID=Administration usernameAdmChange, passwordAdmChange1, and passwordAdmChange2 fields).

5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

9.8 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://gist.github.com/CyberSKR/2dfd5dccb20a209ec4d35b2678bac0d4 Third Party Advisory
https://cyberskr.com/blog/cobham-satcom-250-500.html Exploit Third Party Advisory
Configurations

Configuration 1
Information

Published : 2019-03-15 04:29

Updated : 2020-08-24 05:37

NVD link : CVE-2018-19392

Mitre link : CVE-2018-19392

Products Affected
No products.
CWE
CWE-287