VAR-201903-1273
Vulnerability from variot - Updated: 2024-11-23 22:51Cobham Satcom Sailor 800 and 900 devices contained a vulnerability that allowed for arbitrary writing of content to the system's configuration file. This was exploitable via multiple attack vectors depending on the device's configuration. Further analysis also indicated this vulnerability could be leveraged to achieve a Denial of Service (DoS) condition, where the device would require a factory reset to return to normal operation. Cobham Satcom Sailor 800 and 900 The device contains an access control vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. CobhamSatcomSailor800 and CobhamSatcomSailor900 are both a shipborne maritime satellite broadband terminal equipment from Cobham, UK. An access control error vulnerability exists in CobhamSatcomSailor800 and 900. Business
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-1273",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "satcom sailor 900",
"scope": "eq",
"trust": 1.0,
"vendor": "cobham",
"version": null
},
{
"model": "satcom sailor 800",
"scope": "eq",
"trust": 1.0,
"vendor": "cobham",
"version": null
},
{
"model": "sailor 800",
"scope": null,
"trust": 0.8,
"vendor": "cobham plc",
"version": null
},
{
"model": "sailor 900",
"scope": null,
"trust": 0.8,
"vendor": "cobham plc",
"version": null
},
{
"model": "satcom sailor",
"scope": "eq",
"trust": 0.6,
"vendor": "cobham",
"version": "800"
},
{
"model": "satcom sailor",
"scope": "eq",
"trust": 0.6,
"vendor": "cobham",
"version": "900"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-07545"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014749"
},
{
"db": "NVD",
"id": "CVE-2018-19393"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cobham:satcom_sailor_800_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cobham:sailor_900_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014749"
}
]
},
"cve": "CVE-2018-19393",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-19393",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-07545",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-130048",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-19393",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-19393",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-19393",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-07545",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201903-589",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-130048",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-07545"
},
{
"db": "VULHUB",
"id": "VHN-130048"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014749"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-589"
},
{
"db": "NVD",
"id": "CVE-2018-19393"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cobham Satcom Sailor 800 and 900 devices contained a vulnerability that allowed for arbitrary writing of content to the system\u0027s configuration file. This was exploitable via multiple attack vectors depending on the device\u0027s configuration. Further analysis also indicated this vulnerability could be leveraged to achieve a Denial of Service (DoS) condition, where the device would require a factory reset to return to normal operation. Cobham Satcom Sailor 800 and 900 The device contains an access control vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. CobhamSatcomSailor800 and CobhamSatcomSailor900 are both a shipborne maritime satellite broadband terminal equipment from Cobham, UK. An access control error vulnerability exists in CobhamSatcomSailor800 and 900. Business",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-19393"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014749"
},
{
"db": "CNVD",
"id": "CNVD-2019-07545"
},
{
"db": "VULHUB",
"id": "VHN-130048"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-19393",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014749",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201903-589",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-07545",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-130048",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-07545"
},
{
"db": "VULHUB",
"id": "VHN-130048"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014749"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-589"
},
{
"db": "NVD",
"id": "CVE-2018-19393"
}
]
},
"id": "VAR-201903-1273",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-07545"
},
{
"db": "VULHUB",
"id": "VHN-130048"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-07545"
}
]
},
"last_update_date": "2024-11-23T22:51:51.115000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.cobham.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014749"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-732",
"trust": 1.1
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-130048"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014749"
},
{
"db": "NVD",
"id": "CVE-2018-19393"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://gist.github.com/cyberskr/1ade6d887039465d635e27fcbcc817a3"
},
{
"trust": 1.7,
"url": "https://cyberskr.com/blog/cobham-satcom-800-900.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19393"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19393"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-07545"
},
{
"db": "VULHUB",
"id": "VHN-130048"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014749"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-589"
},
{
"db": "NVD",
"id": "CVE-2018-19393"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-07545"
},
{
"db": "VULHUB",
"id": "VHN-130048"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014749"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-589"
},
{
"db": "NVD",
"id": "CVE-2018-19393"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-07545"
},
{
"date": "2019-03-15T00:00:00",
"db": "VULHUB",
"id": "VHN-130048"
},
{
"date": "2019-04-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014749"
},
{
"date": "2019-03-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-589"
},
{
"date": "2019-03-15T16:29:00.403000",
"db": "NVD",
"id": "CVE-2018-19393"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-07545"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-130048"
},
{
"date": "2019-04-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014749"
},
{
"date": "2019-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-589"
},
{
"date": "2024-11-21T03:57:50.930000",
"db": "NVD",
"id": "CVE-2018-19393"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-589"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cobham Satcom Sailor 800 and 900 Device access control vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014749"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-589"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…