CVE-2023-44857 in SAILOR VSAT Ku
Summary
by MITRE • 04/12/2024
An issue in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the sub_21D24 function in the acu_web component.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 05/27/2025
The vulnerability identified as CVE-2023-44857 affects the Cobham SAILOR VSAT Ku v.164B019 system, specifically within the acu_web component where a flaw exists in the sub_21D24 function. This represents a critical remote code execution vulnerability that exposes operational communication systems to unauthorized access and control. The affected system operates within the maritime and aviation sectors where reliable communication infrastructure is paramount for safety and operational continuity. The vulnerability stems from improper input validation and handling within the web interface component that processes scripts, creating a pathway for malicious actors to inject and execute arbitrary code on the affected device. This type of vulnerability falls under the CWE-119 weakness category, which encompasses issues related to improper restriction of operations within a recognized security boundary, specifically manifesting in buffer overflow conditions or improper memory handling within the web application layer.
The operational impact of this vulnerability extends beyond simple code execution as it fundamentally compromises the integrity and availability of the communication infrastructure. Attackers can leverage this flaw to gain unauthorized access to the system, potentially leading to complete system compromise, data exfiltration, or disruption of critical communication services. The affected environment typically includes maritime vessels, aviation control centers, and remote communication stations where the SAILOR VSAT Ku system provides essential connectivity services. The vulnerability is particularly concerning because it allows remote exploitation without requiring authentication, meaning attackers can target these systems from anywhere on the internet. This aligns with ATT&CK technique T1210, which involves exploiting weaknesses in remote services to gain system access, and T1059, which covers the execution of commands through various scripting languages.
Mitigation strategies for CVE-2023-44857 should include immediate deployment of vendor-provided patches and firmware updates to address the specific flaw in the sub_21D24 function. Network segmentation and firewall rules should be implemented to restrict access to the affected system, particularly limiting access to the acu_web component from untrusted networks. Regular security assessments and penetration testing should be conducted to identify additional vulnerabilities within the communication infrastructure. System monitoring should be enhanced to detect anomalous behavior patterns that may indicate exploitation attempts. The implementation of network intrusion detection systems can help identify malicious script execution attempts targeting the vulnerable web interface. Organizations should also consider implementing zero-trust network architecture principles to minimize the impact of potential compromises. Additionally, maintaining detailed system logs and conducting regular security audits will help in early detection and response to exploitation attempts, while ensuring proper access controls and authentication mechanisms are in place to prevent unauthorized access to the system components.