Strix
26.1K

CVE-2018-5071

UnknownEPSS 0.81%

Last modified

CVE-2018-5071 is a vulnerability of currently unknown severity. Persistent XSS exists in the web server on Cobham Sea Tel 116 build 222429 satellite communication system devices: remote attackers can inject malicious JavaScript code using the device's TELNET shell built-in commands, as demonstrated by the "set ship name" command. This is similar to a Cross Protocol Injection with SNMP.. EPSS estimates a 0.81% chance of exploitation in the next 30 days.

Description

Persistent XSS exists in the web server on Cobham Sea Tel 116 build 222429 satellite communication system devices: remote attackers can inject malicious JavaScript code using the device's TELNET shell built-in commands, as demonstrated by the "set ship name" command. This is similar to a Cross Protocol Injection with SNMP.

Metrics

EPSS Probability
0.81%

52.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
CobhamSea Tel 116 Firmware222429

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2018-5071?
Persistent XSS exists in the web server on Cobham Sea Tel 116 build 222429 satellite communication system devices: remote attackers can inject malicious JavaScript code using the device's TELNET shell built-in commands, as demonstrated by the "set ship name" command. This is similar to a Cross Protocol Injection with SNMP.
How severe is CVE-2018-5071?
Severity scoring for CVE-2018-5071 is pending analysis. The EPSS model estimates a 0.81% probability of exploitation in the next 30 days.
How do I fix CVE-2018-5071?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-5071?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST