CVE-2018-19394
Last modified
CVE-2018-19394 is a vulnerability of currently unknown severity. Cobham Satcom Sailor 800 and 900 devices contained persistent XSS, which required administrative access to exploit. The vulnerability was exploitable by acquiring a copy of the device's configuration file, inserting an XSS payload into a relevant field (e.g., Satellite name), and then restoring the malicious configuration file. EPSS estimates a 0.70% chance of exploitation in the next 30 days.
Description
Cobham Satcom Sailor 800 and 900 devices contained persistent XSS, which required administrative access to exploit. The vulnerability was exploitable by acquiring a copy of the device's configuration file, inserting an XSS payload into a relevant field (e.g., Satellite name), and then restoring the malicious configuration file.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cobham | Satcom Sailor 800 Firmware | All versions |
| Cobham | Satcom Sailor 900 Firmware | All versions |
References
- https://cyberskr.com/blog/cobham-satcom-800-900.html (Third Party Advisory)
- https://gist.github.com/CyberSKR/fe21b920c8933867ea262a325d37f03b (Third Party Advisory)
Timeline
- Published
- Last Modified
- Status: Modified
Source: NVD / NIST
