CVE-2014-9596

EUVD-2014-9410
Panasonic Arbitrator Back-End Server (BES) MK 2.0 VPU before 9.3.1 build 4.08.003.0, when USB Wi-Fi or Direct LAN is enabled, and MK 3.0 VPU before 9.3.1 build 5.06.000.0, when Embedded Wi-Fi or Direct LAN is enabled, does not use encryption, which allows remote attackers to obtain sensitive information by sniffing the network for client-server traffic, as demonstrated by Active Directory credential information.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 49%
Affected Products (NVD)
VendorProductVersion
panasonicarbitrator_back-end_server_mk_3.0_vpu_firmware
𝑥
≤ 9.3.1
panasonicarbitrator_back-end_server_mk_3.0_vpu
-
panasonicarbitrator_back-end_server_mk_2.0_vpu_firmware
𝑥
≤ 9.3.1
panasonicarbitrator_back-end_server_mk_2.0_vpu
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://us2.campaign-archive1.com/?u=8c9cff2e712e3b7d09a07ecef&id=21f059b3ab
http://www.kb.cert.org/vuls/id/117604
http://us2.campaign-archive1.com/?u=8c9cff2e712e3b7d09a07ecef&id=21f059b3ab
http://www.kb.cert.org/vuls/id/117604