Vulnerability Description
The web interface for NSSLGlobal SatLink VSAT Modem Unit (VMU) devices before 18.1.0 doesn't properly sanitize input for error messages, leading to the ability to inject client-side code.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nssglobal | Vmu Software | < 18.1.0 |
| Nssglobal | Satlink 2000 | - |
| Nssglobal | Satlink 2900 | - |
| Nssglobal | Satlink 2910 | - |
Related Weaknesses (CWE)
References
- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2019-15652-sThird Party Advisory
- https://www.trustwave.com/en-us/resources/security-resources/security-advisoriesExploitThird Party Advisory
- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2019-15652-sThird Party Advisory
- https://www.trustwave.com/en-us/resources/security-resources/security-advisoriesExploitThird Party Advisory
FAQ
What is CVE-2019-15652?
CVE-2019-15652 is a vulnerability with a CVSS score of 6.1 (MEDIUM). The web interface for NSSLGlobal SatLink VSAT Modem Unit (VMU) devices before 18.1.0 doesn't properly sanitize input for error messages, leading to the ability to inject client-side code.
How severe is CVE-2019-15652?
CVE-2019-15652 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-15652?
Check the references section above for vendor advisories and patch information. Affected products include: Nssglobal Vmu Software, Nssglobal Satlink 2000, Nssglobal Satlink 2900, Nssglobal Satlink 2910.