03/15/2019

CVE-2018-19394

Cobham Satcom Sailor 800 and 900 devices contained persistent XSS, which required administrative access to exploit. The vulnerability was exploitable by acquiring a copy of the device\'s configuration file, inserting an XSS payload into a relevant field (e.g., Satellite name), and then restoring the malicious configuration file.
Attack vector:  Network
Product: 

• cobham: satcom_sailor_800_firmware
• cobham: satcom_sailor_900_firmware

References: 

• https://cyberskr.com/blog/cobham-satcom-800-900.html
• https://gist.github.com/CyberSKR/fe21b920c8933867ea262a325d37f03b

Severity:  Low
CVSS Score:  3.5
CVSS Vector:  (AV:N/AC:M/Au:S/C:N/I:P/A:N)