Sign-up

ID

VAR-201408-0146


CVE

CVE-2014-0327


TITLE

Iridium Pilot and OpenPort contain multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#578598

DESCRIPTION

The Terminal Upgrade Tool in the Pilot Below Deck Equipment (BDE) and OpenPort implementations on Iridium satellite terminals allows remote attackers to execute arbitrary code by uploading new firmware to TCP port 54321. Broadband satellite terminals using Iridium Pilot and OpenPort have been found to contain undocumented hardcoded login credentials (CWE-798). Additionally, these broadband satellite terminals utilize an insecure proprietary communications protocol that allows unauthenticated users to perform privileged operations on the devices (CWE-306). Supplementary information : CWE Vulnerability type by CWE-306: Missing Authentication for Critical Function ( Lack of authentication for critical functions ) Has been identified. Iridium Pilot and OpenPort are products of Iridium Corporation of the United States. Iridium Pilot is a next-generation communication terminal product that is used at sea and provides mobile voice and data communication network services. Iridium OpenPort is a marine satellite terminal product. There are authentication bypass vulnerabilities in Iridium Pilot and OpenPort. An attacker could exploit the vulnerability to bypass the authentication mechanism and perform unauthorized operations. This may aid in further attacks

Trust: 3.15

sources: NVD: CVE-2014-0327 // CERT/CC: VU#578598 // JVNDB: JVNDB-2014-003826 // CNVD: CNVD-2014-04964 // BID: 69152

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-04964

AFFECTED PRODUCTS

vendor:iridiummodel:open portscope:eqversion: -

Trust: 1.6

vendor:iridiummodel:pilot below deck equipmentscope:eqversion: -

Trust: 1.6

vendor:iridiummodel:pilotscope: - version: -

Trust: 1.4

vendor:iridiummodel:openportscope: - version: -

Trust: 1.4

vendor:iridiummodel: - scope: - version: -

Trust: 0.8

vendor:iridiummodel:communications pilotscope:eqversion:0

Trust: 0.3

vendor:iridiummodel:communications openportscope:eqversion:0

Trust: 0.3

sources: CERT/CC: VU#578598 // CNVD: CNVD-2014-04964 // BID: 69152 // JVNDB: JVNDB-2014-003826 // CNNVD: CNNVD-201408-142 // NVD: CVE-2014-0327

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-0327
value: HIGH

Trust: 1.0

NVD: CVE-2014-0327
value: HIGH

Trust: 0.8

CNVD: CNVD-2014-04964
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201408-142
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2014-0327
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-04964
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2014-04964 // JVNDB: JVNDB-2014-003826 // CNNVD: CNNVD-201408-142 // NVD: CVE-2014-0327

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-798

Trust: 0.8

problemtype:CWE-306

Trust: 0.8

problemtype:CWE-Other

Trust: 0.8

sources: CERT/CC: VU#578598 // JVNDB: JVNDB-2014-003826 // NVD: CVE-2014-0327

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201408-142

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201408-142

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-003826

PATCH
title:Iridium OpenPorturl:http://iridium.com/products/Iridium-OpenPort.aspx?productCategoryID=30
Trust: 0.8
title:Iridium Piloturl:http://iridium.com/products/Iridium-Pilot.aspx?productCategoryID=30
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-003826

EXTERNAL IDS
db:NVDid:CVE-2014-0327
Trust: 3.3
db:CERT/CCid:VU#578598
Trust: 3.2
db:BIDid:69152
Trust: 1.5
db:JVNid:JVNVU91970952
Trust: 0.8
db:JVNDBid:JVNDB-2014-003826
Trust: 0.8
db:CNVDid:CNVD-2014-04964
Trust: 0.6
db:CNNVDid:CNNVD-201408-142
Trust: 0.6
sources:
            
            
            CERT/CC: VU#578598 // 
            
            
            
            CNVD: CNVD-2014-04964 // 
            
            
            
            BID: 69152 // 
            
            
            
            JVNDB: JVNDB-2014-003826 // 
            
            
            
            CNNVD: CNNVD-201408-142 // 
            
            
            
            NVD: CVE-2014-0327

REFERENCES
url:http://www.kb.cert.org/vuls/id/578598
Trust: 2.4
url:http://www.securityfocus.com/bid/69152
Trust: 1.2
url:http://iridium.com/products/iridium-pilot.aspx?productcategoryid=30
Trust: 1.1
url:http://iridium.com/products/iridium-openport.aspx?productcategoryid=30
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0327
Trust: 0.8
url:http://jvn.jp/vu/jvnvu91970952/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0327
Trust: 0.8
url:http://iridium.com/default.aspx
Trust: 0.3
sources:
            
            
            CERT/CC: VU#578598 // 
            
            
            
            CNVD: CNVD-2014-04964 // 
            
            
            
            BID: 69152 // 
            
            
            
            JVNDB: JVNDB-2014-003826 // 
            
            
            
            CNNVD: CNNVD-201408-142 // 
            
            
            
            NVD: CVE-2014-0327

CREDITS
Cesar Cerrudo, and Ruben Santamarta
Trust: 0.9
sources:
            
            
            BID: 69152 // 
            
            
            
            CNNVD: CNNVD-201408-142

SOURCES
db:CERT/CCid:VU#578598
db:CNVDid:CNVD-2014-04964
db:BIDid:69152
db:JVNDBid:JVNDB-2014-003826
db:CNNVDid:CNNVD-201408-142
db:NVDid:CVE-2014-0327

LAST UPDATE DATE
2025-04-12T23:09:22.010000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#578598date:2014-09-12T00:00:00
db:CNVDid:CNVD-2014-04964date:2014-08-13T00:00:00
db:BIDid:69152date:2014-08-07T00:00:00
db:JVNDBid:JVNDB-2014-003826date:2014-08-19T00:00:00
db:CNNVDid:CNNVD-201408-142date:2014-08-18T00:00:00
db:NVDid:CVE-2014-0327date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:CERT/CCid:VU#578598date:2014-08-07T00:00:00
db:CNVDid:CNVD-2014-04964date:2014-08-13T00:00:00
db:BIDid:69152date:2014-08-07T00:00:00
db:JVNDBid:JVNDB-2014-003826date:2014-08-19T00:00:00
db:CNNVDid:CNNVD-201408-142date:2014-08-12T00:00:00
db:NVDid:CVE-2014-0327date:2014-08-17T23:55:04.087