Details of VAR-201903-1337

ID

VAR-201903-1337

CVE

CVE-2018-19392

TITLE

Cobham Satcom Sailor 250 and 500 Vulnerabilities related to certificate and password management in devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-014748

DESCRIPTION

Cobham Satcom Sailor 250 and 500 devices before 1.25 contained an unauthenticated password reset vulnerability. This could allow modification of any user account's password (including the default "admin" account), without prior knowledge of their password. All that is required is knowledge of the username and attack vector (/index.lua?pageID=Administration usernameAdmChange, passwordAdmChange1, and passwordAdmChange2 fields). Cobham Satcom Sailor 250 and 500 The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. CobhamSatcomSailor250 and CobhamSatcomSailor500 are both shipborne maritime satellite broadband terminal equipment from Cobham, UK. There are security holes in CobhamSatcomSailor250 and 500 using firmware versions prior to 1.25

Trust: 2.16

sources: NVD: CVE-2018-19392 // JVNDB: JVNDB-2018-014748 // CNVD: CNVD-2019-07546

IOT TAXONOMY

category:

['ICS', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-07546

AFFECTED PRODUCTS

vendor:	cobham	model:	satcom sailor 250	scope:	lt	version:	1.25	Trust: 1.0
vendor:	cobham	model:	satcom sailor 500	scope:	lt	version:	1.25	Trust: 1.0
vendor:	cobham plc	model:	sailor 250	scope:	lt	version:	1.25	Trust: 0.8
vendor:	cobham plc	model:	sailor 500	scope:	lt	version:	1.25	Trust: 0.8
vendor:	cobham	model:	satcom sailor	scope:	eq	version:	250	Trust: 0.6
vendor:	cobham	model:	satcom sailor	scope:	eq	version:	500	Trust: 0.6

sources: CNVD: CNVD-2019-07546 // JVNDB: JVNDB-2018-014748 // NVD: CVE-2018-19392

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-19392
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-19392
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2019-07546
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-201903-591
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2018-19392
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-07546
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2018-19392
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-07546 // JVNDB: JVNDB-2018-014748 // CNNVD: CNNVD-201903-591 // NVD: CVE-2018-19392

PROBLEMTYPE DATA

problemtype:	CWE-287	Trust: 1.0
problemtype:	CWE-255	Trust: 0.8

sources: JVNDB: JVNDB-2018-014748 // NVD: CVE-2018-19392

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-591

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201903-591

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014748

PATCH

title:	Top Page	url:	https://www.cobham.com/	Trust: 0.8
title:	Patch for CobhamSatcomSailor250 and 500 Trust Management Vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/156699	Trust: 0.6
title:	Cobham Satcom Sailor 250 and 500 Repair measures for trust management vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90170	Trust: 0.6

sources: CNVD: CNVD-2019-07546 // JVNDB: JVNDB-2018-014748 // CNNVD: CNNVD-201903-591

EXTERNAL IDS

db:	NVD	id:	CVE-2018-19392	Trust: 3.0
db:	JVNDB	id:	JVNDB-2018-014748	Trust: 0.8
db:	CNVD	id:	CNVD-2019-07546	Trust: 0.6
db:	CNNVD	id:	CNNVD-201903-591	Trust: 0.6

sources: CNVD: CNVD-2019-07546 // JVNDB: JVNDB-2018-014748 // CNNVD: CNNVD-201903-591 // NVD: CVE-2018-19392

REFERENCES

url:	https://gist.github.com/cyberskr/2dfd5dccb20a209ec4d35b2678bac0d4	Trust: 3.0
url:	https://cyberskr.com/blog/cobham-satcom-250-500.html	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-19392	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19392	Trust: 0.8

sources: CNVD: CNVD-2019-07546 // JVNDB: JVNDB-2018-014748 // CNNVD: CNNVD-201903-591 // NVD: CVE-2018-19392

SOURCES

db:	CNVD	id:	CNVD-2019-07546
db:	JVNDB	id:	JVNDB-2018-014748
db:	CNNVD	id:	CNNVD-201903-591
db:	NVD	id:	CVE-2018-19392

LAST UPDATE DATE

2024-11-23T22:30:07.437000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-07546	date:	2019-03-20T00:00:00
db:	JVNDB	id:	JVNDB-2018-014748	date:	2019-04-10T00:00:00
db:	CNNVD	id:	CNNVD-201903-591	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2018-19392	date:	2024-11-21T03:57:50.770

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-07546	date:	2019-03-20T00:00:00
db:	JVNDB	id:	JVNDB-2018-014748	date:	2019-04-10T00:00:00
db:	CNNVD	id:	CNNVD-201903-591	date:	2019-03-15T00:00:00
db:	NVD	id:	CVE-2018-19392	date:	2019-03-15T16:29:00.327