Vulnerability CVE-2014-9596
Published: 2015-01-15   Modified: 2015-01-16

Description:
Panasonic Arbitrator Back-End Server (BES) MK 2.0 VPU before 9.3.1 build 4.08.003.0, when USB Wi-Fi or Direct LAN is enabled, and MK 3.0 VPU before 9.3.1 build 5.06.000.0, when Embedded Wi-Fi or Direct LAN is enabled, does not use encryption, which allows remote attackers to obtain sensitive information by sniffing the network for client-server traffic, as demonstrated by Active Directory credential information.

Type:

CWE-310

 (Cryptographic Issues)

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Panasonic -> Arbitrator back-end server mk 2.0 vpu 
Panasonic -> Arbitrator back-end server mk 3.0 vpu 
Panasonic -> Arbitrator back-end server mk 2.0 vpu firmware 
Panasonic -> Arbitrator back-end server mk 3.0 vpu firmware 

 References:
http://www.kb.cert.org/vuls/id/117604
http://us2.campaign-archive1.com/?u=8c9cff2e712e3b7d09a07ecef&id=21f059b3ab
Copyright 2024, cxsecurity.com

 

Back to Top