Details of VAR-201903-1273

ID

VAR-201903-1273

CVE

CVE-2018-19393

TITLE

Cobham Satcom Sailor 800 and 900 Device access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-014749

DESCRIPTION

Cobham Satcom Sailor 800 and 900 devices contained a vulnerability that allowed for arbitrary writing of content to the system's configuration file. This was exploitable via multiple attack vectors depending on the device's configuration. Further analysis also indicated this vulnerability could be leveraged to achieve a Denial of Service (DoS) condition, where the device would require a factory reset to return to normal operation. Cobham Satcom Sailor 800 and 900 The device contains an access control vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. CobhamSatcomSailor800 and CobhamSatcomSailor900 are both a shipborne maritime satellite broadband terminal equipment from Cobham, UK. An access control error vulnerability exists in CobhamSatcomSailor800 and 900. Business

Trust: 2.25

sources: NVD: CVE-2018-19393 // JVNDB: JVNDB-2018-014749 // CNVD: CNVD-2019-07545 // VULHUB: VHN-130048

IOT TAXONOMY

category:

['ICS', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-07545

AFFECTED PRODUCTS

vendor:	cobham	model:	satcom sailor 900	scope:	eq	version:	-	Trust: 1.0
vendor:	cobham	model:	satcom sailor 800	scope:	eq	version:	-	Trust: 1.0
vendor:	cobham plc	model:	sailor 800	scope:	-	version:	-	Trust: 0.8
vendor:	cobham plc	model:	sailor 900	scope:	-	version:	-	Trust: 0.8
vendor:	cobham	model:	satcom sailor	scope:	eq	version:	800	Trust: 0.6
vendor:	cobham	model:	satcom sailor	scope:	eq	version:	900	Trust: 0.6

sources: CNVD: CNVD-2019-07545 // JVNDB: JVNDB-2018-014749 // NVD: CVE-2018-19393

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-19393
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-19393
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-07545
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201903-589
value:	HIGH
Trust: 0.6
VULHUB:	VHN-130048
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-19393
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-07545
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-130048
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-19393
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-07545 // VULHUB: VHN-130048 // JVNDB: JVNDB-2018-014749 // CNNVD: CNNVD-201903-589 // NVD: CVE-2018-19393

PROBLEMTYPE DATA

problemtype:	CWE-732	Trust: 1.1
problemtype:	CWE-284	Trust: 0.9

sources: VULHUB: VHN-130048 // JVNDB: JVNDB-2018-014749 // NVD: CVE-2018-19393

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-589

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201903-589

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014749

PATCH

title:

Top Page

url:

https://www.cobham.com/

Trust: 0.8

sources: JVNDB: JVNDB-2018-014749

EXTERNAL IDS

db:	NVD	id:	CVE-2018-19393	Trust: 3.1
db:	JVNDB	id:	JVNDB-2018-014749	Trust: 0.8
db:	CNNVD	id:	CNNVD-201903-589	Trust: 0.7
db:	CNVD	id:	CNVD-2019-07545	Trust: 0.6
db:	VULHUB	id:	VHN-130048	Trust: 0.1

sources: CNVD: CNVD-2019-07545 // VULHUB: VHN-130048 // JVNDB: JVNDB-2018-014749 // CNNVD: CNNVD-201903-589 // NVD: CVE-2018-19393

REFERENCES

url:	https://gist.github.com/cyberskr/1ade6d887039465d635e27fcbcc817a3	Trust: 3.1
url:	https://cyberskr.com/blog/cobham-satcom-800-900.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-19393	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19393	Trust: 0.8

sources: CNVD: CNVD-2019-07545 // VULHUB: VHN-130048 // JVNDB: JVNDB-2018-014749 // CNNVD: CNNVD-201903-589 // NVD: CVE-2018-19393

SOURCES

db:	CNVD	id:	CNVD-2019-07545
db:	VULHUB	id:	VHN-130048
db:	JVNDB	id:	JVNDB-2018-014749
db:	CNNVD	id:	CNNVD-201903-589
db:	NVD	id:	CVE-2018-19393

LAST UPDATE DATE

2024-11-23T22:51:51.115000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-07545	date:	2019-03-20T00:00:00
db:	VULHUB	id:	VHN-130048	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-014749	date:	2019-04-10T00:00:00
db:	CNNVD	id:	CNNVD-201903-589	date:	2019-10-08T00:00:00
db:	NVD	id:	CVE-2018-19393	date:	2024-11-21T03:57:50.930

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-07545	date:	2019-03-20T00:00:00
db:	VULHUB	id:	VHN-130048	date:	2019-03-15T00:00:00
db:	JVNDB	id:	JVNDB-2018-014749	date:	2019-04-10T00:00:00
db:	CNNVD	id:	CNNVD-201903-589	date:	2019-03-15T00:00:00
db:	NVD	id:	CVE-2018-19393	date:	2019-03-15T16:29:00.403