9.8

CVE-2018-19392

Exploit

EPSS 1.41%
Veröffentlicht 15.03.2019 16:29:00
Zuletzt bearbeitet 21.11.2024 03:57:50
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Cobham Satcom Sailor 250 and 500 devices before 1.25 contained an unauthenticated password reset vulnerability. This could allow modification of any user account's password (including the default "admin" account), without prior knowledge of their password. All that is required is knowledge of the username and attack vector (/index.lua?pageID=Administration usernameAdmChange, passwordAdmChange1, and passwordAdmChange2 fields).

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cobham ≫ Satcom Sailor 250 Firmware Version < 1.25

Cobham ≫ Satcom Sailor 250 Version-

Cobham ≫ Satcom Sailor 500 Firmware Version < 1.25

Cobham ≫ Satcom Sailor 500 Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.41%	0.691

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://cyberskr.com/blog/cobham-satcom-250-500.html

Third Party Advisory

Exploit

https://gist.github.com/CyberSKR/2dfd5dccb20a209ec4d35b2678bac0d4

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-19392

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-19392

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-19392

EUVD