{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-08-07T00:00:00", "descriptions": [{"lang": "en", "value": "The Terminal Upgrade Tool in the Pilot Below Deck Equipment (BDE) and OpenPort implementations on Iridium satellite terminals allows remote attackers to execute arbitrary code by uploading new firmware to TCP port 54321."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-08-17T22:57:00", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "VU#578598", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/578598"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2014-0327", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Terminal Upgrade Tool in the Pilot Below Deck Equipment (BDE) and OpenPort implementations on Iridium satellite terminals allows remote attackers to execute arbitrary code by uploading new firmware to TCP port 54321."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "VU#578598", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/578598"}]}}}}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2014-0327", "datePublished": "2014-08-17T23:00:00", "dateReserved": "2013-12-05T00:00:00", "dateUpdated": "2014-08-17T22:57:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:iridium:open_port:-:*:*:*:*:*:*:*", "matchCriteriaId": "D8DA90AD-B539-4F4B-BB59-C41CA13C20ED", "vulnerable": true}, {"criteria": "cpe:2.3:h:iridium:pilot_below_deck_equipment:-:*:*:*:*:*:*:*", "matchCriteriaId": "F9A01DE3-186A-45A6-AF49-E3A51374DB99", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Terminal Upgrade Tool in the Pilot Below Deck Equipment (BDE) and OpenPort implementations on Iridium satellite terminals allows remote attackers to execute arbitrary code by uploading new firmware to TCP port 54321."}, {"lang": "es", "value": "Terminal Upgrade Tool en las implementaciones Pilot Below Deck Equipment (BDE) y OpenPort en los terminales de sat\u00e9lite Iridium permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante la subida de firmware nuevo al puerto TCP 54321."}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/306.html\">CWE-306: Missing Authentication for Critical Function</a>", "id": "CVE-2014-0327", "lastModified": "2014-08-28T18:57:45.373", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-08-17T23:55:04.087", "references": [{"source": "cret@cert.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/578598"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}