CVE-2017-3221 – CVE-2017-3221 is a blind SQL injection vulnerab... (How to Fix)

Q: What is the severity of CVE-2017-3221?

CVE-2017-3221 has a CVSS score of 9.8 (CRITICAL). CVE-2017-3221 is a blind SQL injection vulnerability in the Inmarsat AmosConnect 8 login form that allows remote attackers to extract user credentials, including usernames and passwords. This affects organizations using Inmarsat AmosConnect 8 for satellite communications. Attackers can exploit this without authentication to gain access to sensitive login credentials.

📋 TL;DR

CVE-2017-3221 is a blind SQL injection vulnerability in the Inmarsat AmosConnect 8 login form that allows remote attackers to extract user credentials, including usernames and passwords. This affects organizations using Inmarsat AmosConnect 8 for satellite communications. Attackers can exploit this without authentication to gain access to sensitive login credentials.

💻 Affected Systems

Products:

Inmarsat AmosConnect 8

Versions: Version 8 (specific patch levels unknown)

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the web login interface of AmosConnect 8 installations

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of all user accounts, unauthorized access to satellite communication systems, potential data exfiltration, and lateral movement within the network.

🟠

Likely Case

Credential theft leading to unauthorized access to AmosConnect systems, potential email and communication interception, and privilege escalation within the application.

🟢

If Mitigated

Limited impact with proper network segmentation, credential monitoring, and application firewalls blocking SQL injection attempts.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

SQL injection in login form allows credential extraction without authentication

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown specific version - contact Inmarsat for updates

Vendor Advisory: http://www.inmarsat.com/news/inmarsat-response-to-ioactive-claims/

Restart Required: Yes

Instructions:

1. Contact Inmarsat support for security patches
2. Apply the provided security update
3. Restart AmosConnect services
4. Verify the fix by testing for SQL injection

🔧 Temporary Workarounds

Web Application Firewall

all

Deploy WAF with SQL injection protection rules

Network Segmentation

all

Restrict access to AmosConnect interface to trusted networks only

🧯 If You Can't Patch

Implement strong network segmentation to isolate AmosConnect from untrusted networks
Deploy a web application firewall with SQL injection detection and blocking rules

🔍 How to Verify

Check if Vulnerable:

Test login form with SQL injection payloads like ' OR '1'='1

Check Version:

Check AmosConnect version in application interface or contact Inmarsat support

Verify Fix Applied:

Retest with SQL injection payloads after patch application - should return proper error messages or reject input

📡 Detection & Monitoring

Log Indicators:

Unusual SQL error messages in application logs
Multiple failed login attempts with SQL-like patterns
Successful logins from unexpected IP addresses

Network Indicators:

SQL injection patterns in HTTP POST requests to login endpoint
Unusual outbound database connections

SIEM Query:

source="amosconnect.log" AND ("sql" OR "injection" OR "syntax" OR "union" OR "select")

📊 Metadata

CVE ID: CVE-2017-3221

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-89

Published: July 22, 2017

Last Updated: April 20, 2025

🔗 References

http://www.inmarsat.com/news/inmarsat-response-to-ioactive-claims/
http://www.securityfocus.com/bid/99899 Third Party Advisory,VDB Entry
https://twitter.com/mkolsek/status/923988845783322625
https://www.kb.cert.org/vuls/id/586501 Third Party Advisory,US Government Resource
http://www.inmarsat.com/news/inmarsat-response-to-ioactive-claims/
http://www.securityfocus.com/bid/99899 Third Party Advisory,VDB Entry
https://twitter.com/mkolsek/status/923988845783322625
https://www.kb.cert.org/vuls/id/586501 Third Party Advisory,US Government Resource

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2017-3221, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Amosconnect 8 by Inmarsat

Amosconnect 8 by Inmarsat

Amosconnect 8 by Inmarsat

Amosconnect 8 by Inmarsat

Amosconnect 8 by Inmarsat

Amosconnect 8 by Inmarsat

Amosconnect 8 by Inmarsat

Amosconnect 8 by Inmarsat

Amosconnect 8 by Inmarsat

Amosconnect 8 by Inmarsat

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Web Application Firewall

Network Segmentation

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities