CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-19392

Cobham Satcom Sailor 250 and 500 devices before 1.25 contained an unauthenticated password reset vulnerability. This could allow modification of any user account's password (including the default "admin" account), without prior knowledge of their password. All that is required is knowledge of the username and attack vector (/index.lua?pageID=Administration usernameAdmChange, passwordAdmChange1, and passwordAdmChange2 fields).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.01

EPSS Ranking 75.6%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 5.0

References

Products affected by CVE-2018-19392

Cobham » Satcom Sailor 250 » Version: N/A

cpe:2.3:h:cobham:satcom_sailor_250:-
Cobham » Satcom Sailor 500 » Version: N/A

cpe:2.3:h:cobham:satcom_sailor_500:-
Cobham » Satcom Sailor 250 Firmware » Version: Any

cpe:2.3:o:cobham:satcom_sailor_250_firmware:*
Cobham » Satcom Sailor 500 Firmware » Version: Any

cpe:2.3:o:cobham:satcom_sailor_500_firmware:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-19392

Products

Pricing

Contact Us