CVE-2023-44854 in SAILOR VSAT Ku
Summary
by MITRE • 04/12/2024
Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the c_set_rslog_decode function in the acu_web file.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 04/06/2025
The CVE-2023-44854 vulnerability represents a critical cross site scripting flaw affecting Cobham SAILOR VSAT Ku v.164B019 systems, which operates within the maritime and satellite communications domain. This vulnerability resides in the acu_web file and specifically targets the c_set_rslog_decode function, creating a pathway for remote code execution through malicious script injection. The affected system serves as a crucial component in satellite communication infrastructure, making this vulnerability particularly concerning for operational security and mission-critical applications.
This XSS vulnerability stems from insufficient input validation and sanitization within the c_set_rslog_decode function, which processes data without proper escaping or encoding mechanisms. The flaw allows an attacker to inject malicious JavaScript code through crafted input parameters that are then executed within the context of the victim's browser session. According to CWE-79, this classification specifically addresses Cross Site Scripting vulnerabilities where improper validation of input allows attackers to inject client-side scripts. The vulnerability is particularly dangerous because it operates at the web interface level, potentially enabling attackers to establish persistent access to the system through session hijacking or credential theft.
The operational impact of CVE-2023-44854 extends beyond simple script execution, as it can compromise the integrity of satellite communication systems that rely on the SAILOR VSAT Ku platform for critical maritime operations. Attackers could potentially manipulate system configurations, access sensitive operational data, or disrupt communication services that are essential for maritime safety and navigation. The remote nature of the attack means that threat actors can exploit this vulnerability from anywhere on the internet without requiring physical access to the equipment. This aligns with ATT&CK technique T1566, which covers phishing and social engineering attacks that leverage web-based vulnerabilities to gain initial access to target systems.
Mitigation strategies for this vulnerability should prioritize immediate patch deployment from Cobham, as the vendor has likely released security updates addressing the input validation issues within the acu_web file. Network segmentation and firewall rules should be implemented to restrict access to the affected system, limiting potential attack vectors and reducing the attack surface. Additionally, implementing proper input sanitization measures, output encoding, and content security policies would help prevent similar vulnerabilities from occurring in the future. Organizations should also conduct thorough security assessments of their satellite communication infrastructure, as this vulnerability may indicate broader issues with input validation across the system's web interface components, potentially affecting other functions within the same codebase that may share similar security flaws.