Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Inmarsat AmosConnect8 Mail Client Vulnerable to SQL Injection and Backdoor Account
Informations
Name VU#586501 First vendor Publication 2017-07-20
Vendor VU-CERT Last vendor Modification 2017-10-30
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#586501

Inmarsat AmosConnect8 Mail Client Vulnerable to SQL Injection and Backdoor Account

Original Release date: 20 Jul 2017 | Last revised: 30 Oct 2017

Overview

Inmarsat Solutions offers a shipboard email client service, AmosConnect 8 (AC8), which was designed to be utilized over satellite networks in a highly optimized manner. IOActive has identified two security vulnerabilities in the client software: On-board ship network access could provide visibility of user names and passwords configured on the client device. A backdoor account has been identified in the client that provides full system privileges. This vulnerability could be exploited remotely. An attacker with high skill would be able to exploit this vulnerability. AmosConnect 8 has been deemed end of life, and no longer supported. Inmarsat customers must contact Inmarsat Customer Service to obtain the replacement mail client software.

Description

CWE-89: Blind SQL Injection in Login Form - CVE-2017-3221

Unauthenticated attackers having network access to the AmosConnect Server can exploit a Blind SQL Injection vulnerability in the login form to gain access to credentials stored in its internal database, containing user names and passwords.

CWE-798: Use of Hard-coded Credentials - CVE-2017-3222
Attackers having network access to an AmosConnect server can log into it using a backdoor account that has full system privileges. Among other things, this vulnerability allows attackers to execute commands with SYSTEM privileges on the remote system by abusing AmosConnect Task Manager.

Impact

Successful exploitation of this vulnerability may allow a remote attacker to access or influence AmosConnect 8 email databases on computers that are installed onboard ships.

Solution

AmosConnect 8 has been deemed End of Life, and no longer supported.

  • Customers are no longer able to activate software installer for AC8. This was removed from the software distribution website.
  • It is no longer possible to activate a new AC8 license.
  • As of July 2017, support for AC8 shall be discontinued, and clients will no longer be able to use the software.
  • The software download for the current version of AC8.4 has been removed from the Inmarsat website.

As of July 2017, support for The Inmarsat AmosConnect8 service has been decommissioned and clients will no longer be able to download the software from the software distribution website. Customers can contact Inmarsat Customer Service to obtain further information/updates for the replacement email client.

Vendor Information (Learn More)

The following versions of AmosConnect 8 are affected:

Client VersionRelease Date
8.0, 8.0.1, 8.0.2June 17, 2010
8.2.0February 11, 2011
8.2.1June 9, 2011
8.2.2September 13, 2011
8.3.0, 8.3.1January 23, 2012
8.4.0November 20, 2013
8.4.0.1November 20, 2013

No information available. If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

GroupScoreVector
Base0.0AV:--/AC:--/Au:--/C:--/I:--/A:--
Temporal0.0E:ND/RL:ND/RC:ND
Environmental0.0CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

  • http://blog.ioactive.com/2017/10/amosconnect-maritime-communications.html
  • https://www.inmarsat.com/
  • https://gateway.inmarsat.com
  • http://cwe.mitre.org/data/definitions/89.html
  • http://cwe.mitre.org/data/definitions/798.html

Credit

These vulnerabilities were reported by Mario Ballano of IOActive Labs.

This document was written by Laurie Tyzenhaus.

Other Information

  • CVE IDs:CVE-2017-3221CVE-2017-3222
  • Date Public:20 Jul 2017
  • Date First Published:20 Jul 2017
  • Date Last Updated:30 Oct 2017
  • Document Revision:36

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Original Source

Url : http://www.kb.cert.org/vuls/id/586501

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-798 Use of Hard-coded Credentials (CWE/SANS Top 25)
50 % CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 10
Application 10

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
Date Informations
2017-10-30 21:23:14
  • Multiple Updates
2017-07-27 17:23:59
  • Multiple Updates
2017-07-23 05:25:32
  • Multiple Updates
2017-07-21 21:22:24
  • Multiple Updates
2017-07-21 00:20:48
  • Multiple Updates
2017-07-20 21:22:08
  • First insertion