Vulnerability Description
Cobham Satcom Sailor 250 and 500 devices before firmware 1.25 contain an unauthenticated password reset vulnerability. It allows the password of any user account (including the default "admin" account) to be changed without knowledge of the current password. All that is required is the target username and the attack vector: the /index.lua?pageID=Administration page and its usernameAdmChange, passwordAdmChange1, and passwordAdmChange2 fields.
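As an added defender-side example (not code from the advisory or the vendor), the helpers below decide whether a reported firmware version falls below the fixed 1.25 release and scan web-access-log lines for requests to the Administration page and the password-change fields named above, so each hit can be checked against a legitimate administrator session. The common-log-format sample lines are constructed, and the device's real log layout is an assumption.

```python
"""Defender-side checks for CVE-2018-19392 (constructed example, not vendor code)."""
import re
from urllib.parse import urlsplit, parse_qs

FIXED_VERSION = (1, 25)  # first firmware release the advisory lists as fixed
RESET_FIELDS = {"usernameAdmChange", "passwordAdmChange1", "passwordAdmChange2"}

# Common-log-format request line; the device's real log layout is an assumption.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Constructed sample lines: one benign page load, one GET carrying the reset
# fields in the query string, one POST to the Administration page (fields in body).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Nov/2018:10:00:01 +0000] "GET /index.lua?pageID=Status HTTP/1.1" 200 512
203.0.113.7 - - [10/Nov/2018:10:00:05 +0000] "GET /index.lua?pageID=Administration&usernameAdmChange=admin&passwordAdmChange1=x&passwordAdmChange2=x HTTP/1.1" 200 310
198.51.100.9 - - [10/Nov/2018:10:01:00 +0000] "POST /index.lua?pageID=Administration HTTP/1.1" 302 0
""".splitlines()


def parse_version(v):
    """'1.25' -> (1, 25); ignores trailing build suffixes such as '1.24-build3'."""
    return tuple(int(p) for p in re.findall(r"\d+", v)[:2])


def is_affected_version(v):
    """True when the firmware string is older than 1.25."""
    return parse_version(v) < FIXED_VERSION


def flag_reset_requests(lines):
    """Return (client_ip, method, target_user) for requests touching the reset fields.

    GETs are flagged only when a reset field is in the query string. POSTs to the
    Administration page are flagged unconditionally, because form fields travel in
    the body that an access log does not record, so the target user is then '?'.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, method, target, _status = m.groups()
        parts = urlsplit(target)
        qs = parse_qs(parts.query)
        if parts.path != "/index.lua" or qs.get("pageID") != ["Administration"]:
            continue
        if method.upper() == "POST" or RESET_FIELDS.intersection(qs):
            hits.append((ip, method, qs.get("usernameAdmChange", ["?"])[0]))
    return hits
```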
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cobham | Satcom Sailor 250 Firmware | < 1.25 |
| Cobham | Satcom Sailor 250 | - |
| Cobham | Satcom Sailor 500 Firmware | < 1.25 |
| Cobham | Satcom Sailor 500 | - |
Related Weaknesses (CWE)
References
- https://cyberskr.com/blog/cobham-satcom-250-500.html (Exploit, Third Party Advisory)
- https://gist.github.com/CyberSKR/2dfd5dccb20a209ec4d35b2678bac0d4 (Third Party Advisory)
FAQ
What is CVE-2018-19392?
CVE-2018-19392 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Cobham Satcom Sailor 250 and 500 devices before firmware 1.25 contain an unauthenticated password reset vulnerability that allows the password of any user account (including the default "admin" account) to be changed without knowledge of the current password.
How severe is CVE-2018-19392?
CVE-2018-19392 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-19392?
Check the references section above for vendor advisories and patch information; the affected firmware versions are those before 1.25. Affected products include: Cobham Satcom Sailor 250 Firmware, Cobham Satcom Sailor 250, Cobham Satcom Sailor 500 Firmware, Cobham Satcom Sailor 500.