CVE-2018-19393

HIGH Year: 2018
CVSS v3 Score
7.5
High
CVSS v2 Score
7.8
High
Weakness Type
CWE-732
View all →

Vulnerability Description

Cobham Satcom Sailor 800 and 900 devices contained a vulnerability that allowed for arbitrary writing of content to the system's configuration file. This was exploitable via multiple attack vectors depending on the device's configuration. Further analysis also indicated this vulnerability could be leveraged to achieve a Denial of Service (DoS) condition, where the device would require a factory reset to return to normal operation.

Related Vulnerabilities

CVE-2007-5743

HIGH
CVSS:7.5(High)

viewvc 1.0.3 allows improper access control to files in a repository when using the "forbidden" configuration option.

CWE-7322007

CVE-2017-0317

HIGH
CVSS:7.5(High)

All versions of NVIDIA GPU and GeForce Experience installer contain a vulnerability where it fails to set proper permissions on the package extraction path thus allowing a non-privileged user to tampe...

CWE-7322017

CVE-2017-0845

HIGH
CVSS:7.5(High)

A denial of service vulnerability in the Android framework (syncstorageengine). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35028827.

CWE-7322017

CVE-2017-1000125

HIGH
CVSS:7.5(High)

Codiad(full version) is vulnerable to write anything to configure file in the installation resulting upload a webshell.

CWE-7322017

CVE-2017-17568

HIGH
CVSS:7.5(High)

Scubez Posty Readymade Classifieds has Incorrect Access Control for visiting admin/user_activate_submit.php (aka the backend PHP script), which might allow remote attackers to obtain sensitive informa...

CWE-7322017

CVE-2017-4952

HIGH
CVSS:7.5(High)

VMware Xenon 1.x, prior to 1.5.4-CR7_1, 1.5.7_7, 1.5.4-CR6_2, 1.3.7-CR1_2, 1.1.0-CR0-3, 1.1.0-CR3_1,1.4.2-CR4_1, and 1.5.4_8, contains an authentication bypass vulnerability due to insufficient access...

CWE-7322017