Vulnerabilities > CVE-2014-0327 - Authentication Bypass vulnerability in Iridium Pilot and OpenPort

CVSS 9.3 - CRITICAL

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

iridium

critical

NVD

Published: 2014-08-17

Updated: 2014-08-28

Summary

The Terminal Upgrade Tool in the Pilot Below Deck Equipment (BDE) and OpenPort implementations on Iridium satellite terminals allows remote attackers to execute arbitrary code by uploading new firmware to TCP port 54321. <a href="http://cwe.mitre.org/data/definitions/306.html">CWE-306: Missing Authentication for Critical Function</a>

Vulnerable Configurations

Part	Description	Count
Hardware	Iridium Iridium Open Port - Iridium Pilot Below Deck Equipment -	2

References

http://www.kb.cert.org/vuls/id/578598