Search criteria
4 vulnerabilities found for satcom_sailor_900_firmware by cobham
CVE-2018-19394 (GCVE-0-2018-19394)
Vulnerability from nvd – Published: 2019-03-15 16:00 – Updated: 2024-08-05 11:37
VLAI
Summary
Cobham Satcom Sailor 800 and 900 devices contained persistent XSS, which required administrative access to exploit. The vulnerability was exploitable by acquiring a copy of the device's configuration file, inserting an XSS payload into a relevant field (e.g., Satellite name), and then restoring the malicious configuration file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://cyberskr.com/blog/cobham-satcom-800-900.html | x_refsource_MISC |
| https://gist.github.com/CyberSKR/fe21b920c8933867… | x_refsource_MISC |
Date Public
2019-03-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:37:11.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cyberskr.com/blog/cobham-satcom-800-900.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/CyberSKR/fe21b920c8933867ea262a325d37f03b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-03-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cobham Satcom Sailor 800 and 900 devices contained persistent XSS, which required administrative access to exploit. The vulnerability was exploitable by acquiring a copy of the device\u0027s configuration file, inserting an XSS payload into a relevant field (e.g., Satellite name), and then restoring the malicious configuration file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-15T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cyberskr.com/blog/cobham-satcom-800-900.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/CyberSKR/fe21b920c8933867ea262a325d37f03b"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19394",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cobham Satcom Sailor 800 and 900 devices contained persistent XSS, which required administrative access to exploit. The vulnerability was exploitable by acquiring a copy of the device\u0027s configuration file, inserting an XSS payload into a relevant field (e.g., Satellite name), and then restoring the malicious configuration file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cyberskr.com/blog/cobham-satcom-800-900.html",
"refsource": "MISC",
"url": "https://cyberskr.com/blog/cobham-satcom-800-900.html"
},
{
"name": "https://gist.github.com/CyberSKR/fe21b920c8933867ea262a325d37f03b",
"refsource": "MISC",
"url": "https://gist.github.com/CyberSKR/fe21b920c8933867ea262a325d37f03b"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19394",
"datePublished": "2019-03-15T16:00:00.000Z",
"dateReserved": "2018-11-20T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:37:11.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19393 (GCVE-0-2018-19393)
Vulnerability from nvd – Published: 2019-03-15 16:00 – Updated: 2024-08-05 11:37
VLAI
Summary
Cobham Satcom Sailor 800 and 900 devices contained a vulnerability that allowed for arbitrary writing of content to the system's configuration file. This was exploitable via multiple attack vectors depending on the device's configuration. Further analysis also indicated this vulnerability could be leveraged to achieve a Denial of Service (DoS) condition, where the device would require a factory reset to return to normal operation.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://gist.github.com/CyberSKR/1ade6d887039465d… | x_refsource_MISC |
| https://cyberskr.com/blog/cobham-satcom-800-900.html | x_refsource_MISC |
Date Public
2019-03-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:37:10.744Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/CyberSKR/1ade6d887039465d635e27fcbcc817a3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cyberskr.com/blog/cobham-satcom-800-900.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-03-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cobham Satcom Sailor 800 and 900 devices contained a vulnerability that allowed for arbitrary writing of content to the system\u0027s configuration file. This was exploitable via multiple attack vectors depending on the device\u0027s configuration. Further analysis also indicated this vulnerability could be leveraged to achieve a Denial of Service (DoS) condition, where the device would require a factory reset to return to normal operation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-15T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/CyberSKR/1ade6d887039465d635e27fcbcc817a3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cyberskr.com/blog/cobham-satcom-800-900.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19393",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cobham Satcom Sailor 800 and 900 devices contained a vulnerability that allowed for arbitrary writing of content to the system\u0027s configuration file. This was exploitable via multiple attack vectors depending on the device\u0027s configuration. Further analysis also indicated this vulnerability could be leveraged to achieve a Denial of Service (DoS) condition, where the device would require a factory reset to return to normal operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/CyberSKR/1ade6d887039465d635e27fcbcc817a3",
"refsource": "MISC",
"url": "https://gist.github.com/CyberSKR/1ade6d887039465d635e27fcbcc817a3"
},
{
"name": "https://cyberskr.com/blog/cobham-satcom-800-900.html",
"refsource": "MISC",
"url": "https://cyberskr.com/blog/cobham-satcom-800-900.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19393",
"datePublished": "2019-03-15T16:00:00.000Z",
"dateReserved": "2018-11-20T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:37:10.744Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19393 (GCVE-0-2018-19393)
Vulnerability from cvelistv5 – Published: 2019-03-15 16:00 – Updated: 2024-08-05 11:37
VLAI
Summary
Cobham Satcom Sailor 800 and 900 devices contained a vulnerability that allowed for arbitrary writing of content to the system's configuration file. This was exploitable via multiple attack vectors depending on the device's configuration. Further analysis also indicated this vulnerability could be leveraged to achieve a Denial of Service (DoS) condition, where the device would require a factory reset to return to normal operation.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://gist.github.com/CyberSKR/1ade6d887039465d… | x_refsource_MISC |
| https://cyberskr.com/blog/cobham-satcom-800-900.html | x_refsource_MISC |
Date Public
2019-03-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:37:10.744Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/CyberSKR/1ade6d887039465d635e27fcbcc817a3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cyberskr.com/blog/cobham-satcom-800-900.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-03-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cobham Satcom Sailor 800 and 900 devices contained a vulnerability that allowed for arbitrary writing of content to the system\u0027s configuration file. This was exploitable via multiple attack vectors depending on the device\u0027s configuration. Further analysis also indicated this vulnerability could be leveraged to achieve a Denial of Service (DoS) condition, where the device would require a factory reset to return to normal operation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-15T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/CyberSKR/1ade6d887039465d635e27fcbcc817a3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cyberskr.com/blog/cobham-satcom-800-900.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19393",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cobham Satcom Sailor 800 and 900 devices contained a vulnerability that allowed for arbitrary writing of content to the system\u0027s configuration file. This was exploitable via multiple attack vectors depending on the device\u0027s configuration. Further analysis also indicated this vulnerability could be leveraged to achieve a Denial of Service (DoS) condition, where the device would require a factory reset to return to normal operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/CyberSKR/1ade6d887039465d635e27fcbcc817a3",
"refsource": "MISC",
"url": "https://gist.github.com/CyberSKR/1ade6d887039465d635e27fcbcc817a3"
},
{
"name": "https://cyberskr.com/blog/cobham-satcom-800-900.html",
"refsource": "MISC",
"url": "https://cyberskr.com/blog/cobham-satcom-800-900.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19393",
"datePublished": "2019-03-15T16:00:00.000Z",
"dateReserved": "2018-11-20T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:37:10.744Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19394 (GCVE-0-2018-19394)
Vulnerability from cvelistv5 – Published: 2019-03-15 16:00 – Updated: 2024-08-05 11:37
VLAI
Summary
Cobham Satcom Sailor 800 and 900 devices contained persistent XSS, which required administrative access to exploit. The vulnerability was exploitable by acquiring a copy of the device's configuration file, inserting an XSS payload into a relevant field (e.g., Satellite name), and then restoring the malicious configuration file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://cyberskr.com/blog/cobham-satcom-800-900.html | x_refsource_MISC |
| https://gist.github.com/CyberSKR/fe21b920c8933867… | x_refsource_MISC |
Date Public
2019-03-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:37:11.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cyberskr.com/blog/cobham-satcom-800-900.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/CyberSKR/fe21b920c8933867ea262a325d37f03b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-03-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cobham Satcom Sailor 800 and 900 devices contained persistent XSS, which required administrative access to exploit. The vulnerability was exploitable by acquiring a copy of the device\u0027s configuration file, inserting an XSS payload into a relevant field (e.g., Satellite name), and then restoring the malicious configuration file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-15T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cyberskr.com/blog/cobham-satcom-800-900.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/CyberSKR/fe21b920c8933867ea262a325d37f03b"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19394",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cobham Satcom Sailor 800 and 900 devices contained persistent XSS, which required administrative access to exploit. The vulnerability was exploitable by acquiring a copy of the device\u0027s configuration file, inserting an XSS payload into a relevant field (e.g., Satellite name), and then restoring the malicious configuration file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cyberskr.com/blog/cobham-satcom-800-900.html",
"refsource": "MISC",
"url": "https://cyberskr.com/blog/cobham-satcom-800-900.html"
},
{
"name": "https://gist.github.com/CyberSKR/fe21b920c8933867ea262a325d37f03b",
"refsource": "MISC",
"url": "https://gist.github.com/CyberSKR/fe21b920c8933867ea262a325d37f03b"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19394",
"datePublished": "2019-03-15T16:00:00.000Z",
"dateReserved": "2018-11-20T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:37:11.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}