Overview
- Description
- Cobham Satcom Sailor 800 and 900 devices contained a vulnerability that allowed for arbitrary writing of content to the system's configuration file. This was exploitable via multiple attack vectors depending on the device's configuration. Further analysis also indicated this vulnerability could be leveraged to achieve a Denial of Service (DoS) condition, where the device would require a factory reset to return to normal operation.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 7.8
- Impact score
- 6.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:N/A:C
Weaknesses
- nvd@nist.gov
- CWE-732
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cobham:satcom_sailor_800_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DC1C724B-5F9F-4303-A46A-1CF79B74CC86"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cobham:satcom_sailor_800:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "FAE54DE4-318E-4E4C-9A5E-A574AAEAE876"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cobham:satcom_sailor_900_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "38951D3E-266C-46FE-A67B-A2224A1EEBBD"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cobham:satcom_sailor_900:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "3341A126-A6C7-4694-B466-D2BBE0F83A71"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]