CVE-2018-19393

Опубликовано: 15 мар. 2019

Источник: nvd

CVSS3: 7.5

CVSS2: 7.8

EPSS Низкий

Описание

Cobham Satcom Sailor 800 and 900 devices contained a vulnerability that allowed for arbitrary writing of content to the system's configuration file. This was exploitable via multiple attack vectors depending on the device's configuration. Further analysis also indicated this vulnerability could be leveraged to achieve a Denial of Service (DoS) condition, where the device would require a factory reset to return to normal operation.

Ссылки

https://cyberskr.com/blog/cobham-satcom-800-900.html
Third Party Advisory
https://gist.github.com/CyberSKR/1ade6d887039465d635e27fcbcc817a3
Third Party Advisory
https://cyberskr.com/blog/cobham-satcom-800-900.html
Third Party Advisory
https://gist.github.com/CyberSKR/1ade6d887039465d635e27fcbcc817a3
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:cobham:satcom_sailor_800_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cobham:satcom_sailor_800:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:cobham:satcom_sailor_900_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cobham:satcom_sailor_900:-:*:*:*:*:*:*:*

EPSS

Процентиль: 60%

0.00395

Низкий

7.5 High

CVSS3

7.8 High

CVSS2

Дефекты

CWE-732

Связанные уязвимости

GHSA-fvr7-9mcc-7r67