CVE-2014-9596

Published: Jan 15, 2015Modified: May 6, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Panasonic Arbitrator Back-End Server (BES) MK 2.0 VPU before 9.3.1 build 4.08.003.0, when USB Wi-Fi or Direct LAN is enabled, and MK 3.0 VPU before 9.3.1 build 5.06.000.0, when Embedded Wi-Fi or Direct LAN is enabled, does not use encryption, which allows remote attackers to obtain sensitive information by sniffing the network for client-server traffic, as demonstrated by Active Directory credential information.

Affected (4)

Products: Panasonic: Arbitrator Back End Server Mk 3.0 Vpu Firmware, Arbitrator Back End Server Mk 3.0 Vpu, Arbitrator Back End Server Mk 2.0 Vpu Firmware, Arbitrator Back End Server Mk 2.0 Vpu

4 products

Arbitrator Back End Server Mk 3.0 Vpu Firmware

Arbitrator Back End Server Mk 3.0 Vpu

Arbitrator Back End Server Mk 2.0 Vpu Firmware

Arbitrator Back End Server Mk 2.0 Vpu

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Panasonic Arbitrator Back End Server Mk 3.0 Vpu Firmware	Up to 9.3.1
Panasonic Arbitrator Back End Server Mk 3.0 Vpu	All versions

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Panasonic Arbitrator Back End Server Mk 2.0 Vpu Firmware	Up to 9.3.1
Panasonic Arbitrator Back End Server Mk 2.0 Vpu	All versions

Related CWEs

References (4)

http://us2.campaign-archive1.com/?u=8c9cff2e712e3b7d09a07ecef&id=21f059b3ab

Source: cve@mitre.org

Vendor Advisory

http://www.kb.cert.org/vuls/id/117604

Source: cve@mitre.org

Third Party AdvisoryUS Government Resource

http://us2.campaign-archive1.com/?u=8c9cff2e712e3b7d09a07ecef&id=21f059b3ab

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.kb.cert.org/vuls/id/117604

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.