CVE Vulnerability

CVE-2018-19394

Cobham Satcom Sailor 800 and 900 devices contained persistent XSS, which required administrative access to exploit. The vulnerability was exploitable by acquiring a copy of the device's configuration file, inserting an XSS payload into a relevant field (e.g., Satellite name), and then restoring the malicious configuration file.

3.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 6.8 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

4.8 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.7 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://gist.github.com/CyberSKR/fe21b920c8933867ea262a325d37f03b Third Party Advisory
https://cyberskr.com/blog/cobham-satcom-800-900.html Third Party Advisory
Configurations

Configuration 1
Information

Published : 2019-03-15 04:29

Updated : 2019-03-15 05:34

NVD link : CVE-2018-19394

Mitre link : CVE-2018-19394

Products Affected
No products.
CWE
CWE-79