Executive Summary
Summary | |
---|---|
Title | Inmarsat AmosConnect8 Mail Client Vulnerable to SQL Injection and Backdoor Account |
Information | |||
---|---|---|---|
Name | VU#586501 | First vendor Publication | 2017-07-20 |
Vendor | VU-CERT | Last vendor Modification | 2017-10-30 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Vulnerability Note VU#586501
Inmarsat AmosConnect8 Mail Client Vulnerable to SQL Injection and Backdoor Account
Overview
Inmarsat Solutions offers a shipboard email client service, AmosConnect 8 (AC8), which was designed to be utilized over satellite networks in a highly optimized manner. IOActive has identified two security vulnerabilities in the client software: On-board ship network access could provide visibility of user names and passwords configured on the client device. A backdoor account has been identified in the client that provides full system privileges. This vulnerability could be exploited remotely. An attacker with high skill would be able to exploit this vulnerability. AmosConnect 8 has been deemed end of life and is no longer supported. Inmarsat customers must contact Inmarsat Customer Service to obtain the replacement mail client software.
Description
Impact
Solution
Vendor Information
No information available. If you are a vendor and your product is affected, let us know.
CVSS Metrics
References
Credit
These vulnerabilities were reported by Mario Ballano of IOActive Labs. This document was written by Laurie Tyzenhaus.
Other Information
Original Source
Url : http://www.kb.cert.org/vuls/id/586501 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-798 | Use of Hard-coded Credentials (CWE/SANS Top 25) |
50 % | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
Alert History
Date | Information |
---|---|
2017-10-30 21:23:14 | |
2017-07-27 17:23:59 | |
2017-07-23 05:25:32 | |
2017-07-21 21:22:24 | |
2017-07-21 00:20:48 | |
2017-07-20 21:22:08 | |