PT-2018-16763 · Cobham · Cobham Sea Tel 116

Published

2018-01-08

Updated

2018-02-02

CVE-2018-5071

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Cobham Sea Tel 116 build 222429

Description A persistent XSS issue exists in the web server of the affected device, allowing remote attackers to inject malicious JavaScript code. This can be achieved through the device's TELNET shell using built-in commands, such as the set ship name command. The issue bears resemblance to a Cross Protocol Injection with SNMP.

Recommendations For Cobham Sea Tel 116 build 222429, consider disabling the TELNET shell or restricting access to it as a temporary workaround until a patch is available. Avoid using the set ship name command and other potentially vulnerable built-in commands in the TELNET shell to minimize the risk of exploitation.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2018-5071

Affected Products

Cobham Sea Tel 116

PT-2018-16763 · Cobham · Cobham Sea Tel 116

CVE-2018-5071

Weakness Enumeration

Related Identifiers

Affected Products

References · 3