CVE-2023-44852 in SAILOR VSAT Ku
Summary
by MITRE • 04/12/2024
Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the c_set_traps_decode function in the acu_web file.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 04/06/2025
The Cross Site Scripting vulnerability identified as CVE-2023-44852 affects the Cobham SAILOR VSAT Ku v.164B019 system, representing a critical security flaw that enables remote code execution through malicious script injection. This vulnerability specifically targets the c_set_traps_decode function within the acu_web file, creating a pathway for attackers to manipulate the system's web interface and potentially gain unauthorized access to sensitive operational data. The flaw resides in the improper handling of user-supplied input within the web application layer, allowing malicious actors to inject malicious scripts that execute in the context of other users' browsers.
The technical implementation of this vulnerability follows the classic XSS attack pattern where input validation and output encoding mechanisms fail to properly sanitize data passed to the c_set_traps_decode function. When the system processes the crafted script input, it fails to adequately escape or filter special characters that could be interpreted as executable code by web browsers. This weakness creates an environment where attackers can inject malicious JavaScript payloads that persist within the application's web interface, potentially leading to session hijacking, data theft, or further system compromise. The vulnerability operates at the application layer and specifically affects the web-based management interface of the VSAT communication system.
The operational impact of this vulnerability extends beyond simple script execution, as it represents a significant threat to the security and integrity of satellite communication systems. Attackers could potentially manipulate trap decoding functionality to interfere with system monitoring, disrupt communication services, or gain unauthorized access to sensitive operational parameters. The remote nature of the attack means that threat actors can exploit this vulnerability from anywhere on the network without requiring physical access to the system. This vulnerability directly impacts the availability, confidentiality, and integrity of the satellite communication infrastructure, potentially affecting critical communications for maritime, aviation, or remote terrestrial applications.
Organizations utilizing Cobham SAILOR VSAT Ku v.164B019 systems should implement immediate mitigations including input validation and output encoding controls to prevent malicious script injection. The recommended approach involves implementing proper sanitization of all user inputs before processing them through the c_set_traps_decode function, combined with strict content security policies that prevent execution of unauthorized scripts. Additionally, network segmentation and access controls should be enforced to limit potential attack vectors. This vulnerability aligns with CWE-79 which categorizes cross-site scripting flaws, and represents a technique that could be mapped to ATT&CK tactic TA0001 (Initial Access) through web-based exploitation methods. Regular security updates and patches from Cobham should be implemented immediately, while system administrators should monitor for any signs of exploitation attempts or unauthorized access to the affected web interface components.