Vulnerability Note VU#578598
Iridium Pilot and OpenPort contain multiple vulnerabilities
Broadband satellite terminals using Iridium Pilot and OpenPort have been found to contain undocumented hardcoded login credentials (CWE-798). Additionally, these broadband satellite terminals utilize an insecure proprietary communications protocol that allows unauthenticated users to perform privileged operations on the devices (CWE-306).
Iridium Pilot and OpenPort are shipboard communication devices used to communicate voice and data from ship-to-ship and to ground stations through the Iridium satellite constellation.
CWE-798 - Use of Hardcoded Credentials - CVE-2014-0326
A remote unauthenticated attacker may be able to gain privileged access to the device. Additionally, a remote unauthenticated attacker may be able to execute arbitrary code on the device.
We are currently unaware of a practical solution to this problem.
Vendor Information
|Vendor|Status|Date Notified|Date Updated|
|---|---|---|---|
|Iridium Communications Inc.|Affected|16 Jan 2014|12 Sep 2014|
Thanks to Cesar Cerrudo and Ruben Santamarta for reporting these vulnerabilities.
This document was written by Chris King.
- CVE IDs: CVE-2014-0326 CVE-2014-0327
- Date Public: 07 Aug 2014
- Date First Published: 07 Aug 2014
- Date Last Updated: 12 Sep 2014
- Document Revision: 39