CVE-2014-9596

Panasonic Arbitrator Back-End Server (BES) MK 2.0 VPU before 9.3.1 build 4.08.003.0, when USB Wi-Fi or Direct LAN is enabled, and MK 3.0 VPU before 9.3.1 build 5.06.000.0, when Embedded Wi-Fi or Direct LAN is enabled, does not use encryption, which allows remote attackers to obtain sensitive information by sniffing the network for client-server traffic, as demonstrated by Active Directory credential information.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
VendorProductVersion
panasonicarbitrator_back-end_server_mk_3.0_vpu_firmware
𝑥
≤ 9.3.1
panasonicarbitrator_back-end_server_mk_3.0_vpu
-
panasonicarbitrator_back-end_server_mk_2.0_vpu_firmware
𝑥
≤ 9.3.1
panasonicarbitrator_back-end_server_mk_2.0_vpu
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://us2.campaign-archive1.com/?u=8c9cff2e712e3b7d09a07ecef&id=21f059b3ab
http://www.kb.cert.org/vuls/id/117604
http://us2.campaign-archive1.com/?u=8c9cff2e712e3b7d09a07ecef&id=21f059b3ab
http://www.kb.cert.org/vuls/id/117604