CVE-2014-9596

Panasonic Arbitrator Back-End Server (BES) MK 2.0 VPU before 9.3.1 build 4.08.003.0, when USB Wi-Fi or Direct LAN is enabled, and MK 3.0 VPU before 9.3.1 build 5.06.000.0, when Embedded Wi-Fi or Direct LAN is enabled, does not use encryption, which allows remote attackers to obtain sensitive information by sniffing the network for client-server traffic, as demonstrated by Active Directory credential information.
References
Link Resource
http://www.kb.cert.org/vuls/id/117604 Third Party Advisory US Government Resource
http://us2.campaign-archive1.com/?u=8c9cff2e712e3b7d09a07ecef&id=21f059b3ab Vendor Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:panasonic:arbitrator_back-end_server_mk_3.0_vpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:panasonic:arbitrator_back-end_server_mk_3.0_vpu:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:panasonic:arbitrator_back-end_server_mk_2.0_vpu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:panasonic:arbitrator_back-end_server_mk_2.0_vpu:-:*:*:*:*:*:*:*

Information

Published : 2015-01-15 15:59

Updated : 2015-01-16 10:31


NVD link : CVE-2014-9596

Mitre link : CVE-2014-9596


JSON object : View

CWE
CWE-310

Cryptographic Issues

Advertisement

dedicated server usa

Products Affected

panasonic

  • arbitrator_back-end_server_mk_3.0_vpu_firmware
  • arbitrator_back-end_server_mk_2.0_vpu_firmware
  • arbitrator_back-end_server_mk_3.0_vpu
  • arbitrator_back-end_server_mk_2.0_vpu