CVE-2023-44855 in SAILOR VSAT Ku
Summary
by MITRE • 04/12/2024
Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019 allows a remote attacker to execute arbitrary code via a crafted script to the rdiag, sender, and recipients parameters of the sub_219C4 function in the acu_web file.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 05/29/2025
The CVE-2023-44855 vulnerability represents a critical cross site scripting flaw in Cobham SAILOR VSAT Ku v.164B019 communication systems that exposes organizations to significant remote code execution risks. This vulnerability resides within the acu_web file's sub_219C4 function where the rdiag, sender, and recipients parameters fail to properly sanitize user input, creating an exploitable pathway for malicious actors to inject malicious scripts. The affected system operates within the maritime and satellite communication domain, where secure communication channels are paramount for operational continuity and safety. The vulnerability's presence in the web interface component of the VSAT system means that attackers can potentially compromise the entire communication infrastructure through a single malicious payload.
The technical exploitation of this vulnerability follows a classic XSS attack pattern where unvalidated input flows directly into web output without proper sanitization or encoding mechanisms. When the sub_219C4 function processes the rdiag, sender, and recipients parameters, it fails to implement adequate input validation or output encoding, allowing attackers to inject malicious JavaScript code that executes in the context of authenticated users' browsers. This flaw aligns with CWE-79 which specifically addresses cross site scripting vulnerabilities, and the attack vector follows the standard ATT&CK technique T1059.007 for command and scripting interpreter. The vulnerability's remote nature means that attackers do not require physical access or local network privileges to exploit the flaw, making it particularly dangerous for deployed satellite communication systems that often operate in isolated or restricted environments.
The operational impact of this vulnerability extends beyond simple script execution to potentially enable complete system compromise through chained attacks. An attacker who successfully exploits this XSS vulnerability could gain access to sensitive communication data, manipulate system configurations, or even establish persistent backdoors within the satellite communication infrastructure. The Cobham SAILOR VSAT systems are typically deployed in critical maritime operations, emergency response scenarios, and military communications where the integrity of communication channels directly impacts operational safety and mission success. The vulnerability creates a potential pathway for attackers to intercept sensitive communications, disrupt critical operations, or escalate privileges within the system to gain unauthorized access to additional resources. Organizations relying on these systems face significant risk of data breaches, operational disruption, and potential safety hazards in mission-critical environments.
Mitigation strategies for CVE-2023-44855 should focus on immediate input validation and output encoding implementations within the affected acu_web file. Organizations must implement proper parameter sanitization for all user-supplied inputs to the sub_219C4 function, ensuring that all rdiag, sender, and recipients parameters undergo strict validation before being processed or displayed. The remediation approach should include implementing Content Security Policy headers, proper HTML encoding of output, and input validation routines that reject potentially malicious payloads. System administrators should also consider network segmentation and access controls to limit exposure, while monitoring for suspicious activities that might indicate exploitation attempts. Organizations should follow the ATT&CK framework's recommendations for defensive measures including regular security assessments, input validation testing, and maintaining updated security patches. The vulnerability underscores the importance of secure coding practices and proper security controls in critical infrastructure systems where the consequences of exploitation can extend far beyond simple data compromise to include operational safety risks and national security implications.