VAR-201408-0146
Vulnerability from variot - Updated: 2025-04-12 23:09The Terminal Upgrade Tool in the Pilot Below Deck Equipment (BDE) and OpenPort implementations on Iridium satellite terminals allows remote attackers to execute arbitrary code by uploading new firmware to TCP port 54321. Broadband satellite terminals using Iridium Pilot and OpenPort have been found to contain undocumented hardcoded login credentials (CWE-798). Additionally, these broadband satellite terminals utilize an insecure proprietary communications protocol that allows unauthenticated users to perform privileged operations on the devices (CWE-306). Supplementary information : CWE Vulnerability type by CWE-306: Missing Authentication for Critical Function ( Lack of authentication for critical functions ) Has been identified. Iridium Pilot and OpenPort are products of Iridium Corporation of the United States. Iridium Pilot is a next-generation communication terminal product that is used at sea and provides mobile voice and data communication network services. Iridium OpenPort is a marine satellite terminal product. There are authentication bypass vulnerabilities in Iridium Pilot and OpenPort. An attacker could exploit the vulnerability to bypass the authentication mechanism and perform unauthorized operations. This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201408-0146",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "open port",
"scope": "eq",
"trust": 1.6,
"vendor": "iridium",
"version": null
},
{
"model": "pilot below deck equipment",
"scope": "eq",
"trust": 1.6,
"vendor": "iridium",
"version": null
},
{
"model": "pilot",
"scope": null,
"trust": 1.4,
"vendor": "iridium",
"version": null
},
{
"model": "openport",
"scope": null,
"trust": 1.4,
"vendor": "iridium",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "iridium",
"version": null
},
{
"model": "communications pilot",
"scope": "eq",
"trust": 0.3,
"vendor": "iridium",
"version": "0"
},
{
"model": "communications openport",
"scope": "eq",
"trust": 0.3,
"vendor": "iridium",
"version": "0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#578598"
},
{
"db": "CNVD",
"id": "CNVD-2014-04964"
},
{
"db": "BID",
"id": "69152"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003826"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-142"
},
{
"db": "NVD",
"id": "CVE-2014-0327"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:iridium:open_port",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:iridium:pilot_below_deck_equipment",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003826"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cesar Cerrudo, and Ruben Santamarta",
"sources": [
{
"db": "BID",
"id": "69152"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-142"
}
],
"trust": 0.9
},
"cve": "CVE-2014-0327",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2014-0327",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-04964",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-0327",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-0327",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2014-04964",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201408-142",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04964"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003826"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-142"
},
{
"db": "NVD",
"id": "CVE-2014-0327"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Terminal Upgrade Tool in the Pilot Below Deck Equipment (BDE) and OpenPort implementations on Iridium satellite terminals allows remote attackers to execute arbitrary code by uploading new firmware to TCP port 54321. Broadband satellite terminals using Iridium Pilot and OpenPort have been found to contain undocumented hardcoded login credentials (CWE-798). Additionally, these broadband satellite terminals utilize an insecure proprietary communications protocol that allows unauthenticated users to perform privileged operations on the devices (CWE-306). Supplementary information : CWE Vulnerability type by CWE-306: Missing Authentication for Critical Function ( Lack of authentication for critical functions ) Has been identified. Iridium Pilot and OpenPort are products of Iridium Corporation of the United States. Iridium Pilot is a next-generation communication terminal product that is used at sea and provides mobile voice and data communication network services. Iridium OpenPort is a marine satellite terminal product. There are authentication bypass vulnerabilities in Iridium Pilot and OpenPort. An attacker could exploit the vulnerability to bypass the authentication mechanism and perform unauthorized operations. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0327"
},
{
"db": "CERT/CC",
"id": "VU#578598"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003826"
},
{
"db": "CNVD",
"id": "CNVD-2014-04964"
},
{
"db": "BID",
"id": "69152"
}
],
"trust": 3.15
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-0327",
"trust": 3.3
},
{
"db": "CERT/CC",
"id": "VU#578598",
"trust": 3.2
},
{
"db": "BID",
"id": "69152",
"trust": 1.5
},
{
"db": "JVN",
"id": "JVNVU91970952",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003826",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2014-04964",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201408-142",
"trust": 0.6
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#578598"
},
{
"db": "CNVD",
"id": "CNVD-2014-04964"
},
{
"db": "BID",
"id": "69152"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003826"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-142"
},
{
"db": "NVD",
"id": "CVE-2014-0327"
}
]
},
"id": "VAR-201408-0146",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04964"
}
],
"trust": 1.35
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04964"
}
]
},
"last_update_date": "2025-04-12T23:09:22.010000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Iridium OpenPort",
"trust": 0.8,
"url": "http://iridium.com/products/Iridium-OpenPort.aspx?productCategoryID=30"
},
{
"title": "Iridium Pilot",
"trust": 0.8,
"url": "http://iridium.com/products/Iridium-Pilot.aspx?productCategoryID=30"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003826"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-798",
"trust": 0.8
},
{
"problemtype": "CWE-306",
"trust": 0.8
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#578598"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003826"
},
{
"db": "NVD",
"id": "CVE-2014-0327"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.kb.cert.org/vuls/id/578598"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/69152"
},
{
"trust": 1.1,
"url": "http://iridium.com/products/iridium-pilot.aspx?productcategoryid=30"
},
{
"trust": 1.1,
"url": "http://iridium.com/products/iridium-openport.aspx?productcategoryid=30"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0327"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu91970952/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0327"
},
{
"trust": 0.3,
"url": "http://iridium.com/default.aspx"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#578598"
},
{
"db": "CNVD",
"id": "CNVD-2014-04964"
},
{
"db": "BID",
"id": "69152"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003826"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-142"
},
{
"db": "NVD",
"id": "CVE-2014-0327"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#578598"
},
{
"db": "CNVD",
"id": "CNVD-2014-04964"
},
{
"db": "BID",
"id": "69152"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003826"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-142"
},
{
"db": "NVD",
"id": "CVE-2014-0327"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-08-07T00:00:00",
"db": "CERT/CC",
"id": "VU#578598"
},
{
"date": "2014-08-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04964"
},
{
"date": "2014-08-07T00:00:00",
"db": "BID",
"id": "69152"
},
{
"date": "2014-08-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003826"
},
{
"date": "2014-08-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201408-142"
},
{
"date": "2014-08-17T23:55:04.087000",
"db": "NVD",
"id": "CVE-2014-0327"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-12T00:00:00",
"db": "CERT/CC",
"id": "VU#578598"
},
{
"date": "2014-08-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04964"
},
{
"date": "2014-08-07T00:00:00",
"db": "BID",
"id": "69152"
},
{
"date": "2014-08-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003826"
},
{
"date": "2014-08-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201408-142"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-0327"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201408-142"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Iridium Pilot and OpenPort contain multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#578598"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201408-142"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…