Details of VAR-201501-0672

ID

VAR-201501-0672

CVE

CVE-2014-9596

TITLE

Panasonic Arbitrator Back-End Server (BES) uses unencrypted communication

Trust: 0.8

sources: CERT/CC: VU#117604

DESCRIPTION

Panasonic Arbitrator Back-End Server (BES) MK 2.0 VPU before 9.3.1 build 4.08.003.0, when USB Wi-Fi or Direct LAN is enabled, and MK 3.0 VPU before 9.3.1 build 5.06.000.0, when Embedded Wi-Fi or Direct LAN is enabled, does not use encryption, which allows remote attackers to obtain sensitive information by sniffing the network for client-server traffic, as demonstrated by Active Directory credential information. Panasonic Provided by Arbitrator Back-End Server (BES) Vulnerability that does not encrypt communication between client and server (CWE-319) Exists. By this vulnerability Active Directory And other sensitive information have been reported to be leaked. CWE-319: Cleartext Transmission of Sensitive Information http://cwe.mitre.org/data/definitions/319.htmlThird parties may obtain confidential information. Panasonic Arbitrator is a surveillance camera application. This may result in further attacks. Panasonic Arbitrator is a high-definition car digital video recording system produced by Panasonic Corporation of Japan. There is a security flaw in Panasonic Arbitrator's BES, which is caused by the program not using encryption algorithms

Trust: 3.69

sources: NVD: CVE-2014-9596 // CERT/CC: VU#117604 // JVNDB: JVNDB-2015-001038 // CNVD: CNVD-2015-00396 // BID: 72058 // BID: 77722 // IVD: a97cbbf8-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-77541

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: a97cbbf8-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-00396

AFFECTED PRODUCTS

vendor:	panasonic	model:	arbitrator back-end server mk 2.0 vpu	scope:	eq	version:	-	Trust: 1.2
vendor:	panasonic	model:	arbitrator back-end server mk 3.0 vpu	scope:	eq	version:	-	Trust: 1.2
vendor:	panasonic	model:	arbitrator back-end server mk 2.0 vpu	scope:	lte	version:	9.3.1	Trust: 1.0
vendor:	panasonic	model:	arbitrator back-end server mk 3.0 vpu	scope:	lte	version:	9.3.1	Trust: 1.0
vendor:	panasonic	model:	arbitrator back-end server mk 2.0 vpu	scope:	eq	version:	9.3.1	Trust: 0.8
vendor:	panasonic	model:	arbitrator back-end server mk 3.0 vpu	scope:	eq	version:	9.3.1	Trust: 0.8
vendor:	panasonic	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	panasonic	model:	arbitrator mk 2.0 vpu	scope:	eq	version:	using direct lan	Trust: 0.8
vendor:	panasonic	model:	arbitrator mk 2.0 vpu	scope:	eq	version:	using usb wi-fi	Trust: 0.8
vendor:	panasonic	model:	arbitrator mk 3.0 vpu	scope:	eq	version:	using direct lan	Trust: 0.8
vendor:	panasonic	model:	arbitrator mk 3.0 vpu	scope:	eq	version:	using embedded wi-fi	Trust: 0.8
vendor:	panasonic	model:	arbitrator build	scope:	lt	version:	9.3.14.08.003.0	Trust: 0.6
vendor:	panasonic	model:	mk vpu	scope:	eq	version:	3.0	Trust: 0.3
vendor:	panasonic	model:	mk vpu	scope:	eq	version:	2.0	Trust: 0.3
vendor:	panasonic	model:	arbitrator back-end server mk vpu	scope:	eq	version:	3.09.3.1	Trust: 0.3
vendor:	panasonic	model:	arbitrator back-end server mk vpu	scope:	eq	version:	3.0-	Trust: 0.3
vendor:	panasonic	model:	arbitrator back-end server mk vpu	scope:	eq	version:	2.09.3.1	Trust: 0.3
vendor:	panasonic	model:	arbitrator back-end server mk vpu	scope:	eq	version:	2.0-	Trust: 0.3
vendor:	panasonic	model:	arbitrator back-end server mk vpu	scope:	eq	version:	2.0<=9.3.1	Trust: 0.2
vendor:	panasonic	model:	arbitrator back-end server mk vpu	scope:	eq	version:	3.0<=9.3.1	Trust: 0.2

sources: IVD: a97cbbf8-2351-11e6-abef-000c29c66e3d // CERT/CC: VU#117604 // CNVD: CNVD-2015-00396 // BID: 72058 // BID: 77722 // JVNDB: JVNDB-2015-001038 // CNNVD: CNNVD-201501-319 // NVD: CVE-2014-9596

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-9596
value:	MEDIUM
Trust: 1.0
IPA:	JVNDB-2015-001038
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2015-00396
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201501-319
value:	MEDIUM
Trust: 0.6
IVD:	a97cbbf8-2351-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-77541
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-9596
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
IPA:	JVNDB-2015-001038
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2015-00396
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	a97cbbf8-2351-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-77541
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: a97cbbf8-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-00396 // VULHUB: VHN-77541 // JVNDB: JVNDB-2015-001038 // CNNVD: CNNVD-201501-319 // NVD: CVE-2014-9596

PROBLEMTYPE DATA

problemtype:	CWE-310	Trust: 1.9
problemtype:	CWE-Other	Trust: 0.8

sources: VULHUB: VHN-77541 // JVNDB: JVNDB-2015-001038 // NVD: CVE-2014-9596

THREAT TYPE

network

Trust: 0.6

sources: BID: 72058 // BID: 77722

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201501-319

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-001038

PATCH

title:	Panasonic Arbitrator 360° Important Security Update	url:	http://us2.campaign-archive1.com/?u=8c9cff2e712e3b7d09a07ecef&id=21f059b3ab	Trust: 0.8
title:	Patch for Panasonic Arbitrator Back-End Server (BES) Information Disclosure Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/54057	Trust: 0.6

sources: CNVD: CNVD-2015-00396 // JVNDB: JVNDB-2015-001038

EXTERNAL IDS

db:	CERT/CC	id:	VU#117604	Trust: 3.9
db:	NVD	id:	CVE-2014-9596	Trust: 3.6
db:	BID	id:	72058	Trust: 1.5
db:	CNNVD	id:	CNNVD-201501-319	Trust: 0.9
db:	CNVD	id:	CNVD-2015-00396	Trust: 0.8
db:	JVN	id:	JVNVU96405828	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-001038	Trust: 0.8
db:	BID	id:	77722	Trust: 0.4
db:	IVD	id:	A97CBBF8-2351-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-77541	Trust: 0.1

sources: IVD: a97cbbf8-2351-11e6-abef-000c29c66e3d // CERT/CC: VU#117604 // CNVD: CNVD-2015-00396 // VULHUB: VHN-77541 // BID: 72058 // BID: 77722 // JVNDB: JVNDB-2015-001038 // CNNVD: CNNVD-201501-319 // NVD: CVE-2014-9596

REFERENCES

url:	http://us2.campaign-archive1.com/?u=8c9cff2e712e3b7d09a07ecef&id=21f059b3ab	Trust: 3.8
url:	http://www.kb.cert.org/vuls/id/117604	Trust: 3.1
url:	https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9596	Trust: 1.4
url:	http://www.panasonic.com/business/arbitrator/index.asp	Trust: 1.1
url:	http://cwe.mitre.org/data/definitions/319.html	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9596	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu96405828/index.html	Trust: 0.8
url:	http://www.securityfocus.com/bid/72058	Trust: 0.6
url:	http://us2.campaign-archive1.com/?u=8c9cff2e712e3b7d09a07ecef&id=21f059b3ab	Trust: 0.1

sources: CERT/CC: VU#117604 // CNVD: CNVD-2015-00396 // VULHUB: VHN-77541 // BID: 72058 // BID: 77722 // JVNDB: JVNDB-2015-001038 // CNNVD: CNNVD-201501-319 // NVD: CVE-2014-9596

CREDITS

Anonymous

Trust: 0.9

sources: BID: 72058 // CNNVD: CNNVD-201501-319

SOURCES

db:	IVD	id:	a97cbbf8-2351-11e6-abef-000c29c66e3d
db:	CERT/CC	id:	VU#117604
db:	CNVD	id:	CNVD-2015-00396
db:	VULHUB	id:	VHN-77541
db:	BID	id:	72058
db:	BID	id:	77722
db:	JVNDB	id:	JVNDB-2015-001038
db:	CNNVD	id:	CNNVD-201501-319
db:	NVD	id:	CVE-2014-9596

LAST UPDATE DATE

2025-04-13T23:04:36.883000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#117604	date:	2015-01-13T00:00:00
db:	CNVD	id:	CNVD-2015-00396	date:	2015-01-19T00:00:00
db:	VULHUB	id:	VHN-77541	date:	2015-01-16T00:00:00
db:	BID	id:	72058	date:	2015-01-13T00:00:00
db:	BID	id:	77722	date:	2015-01-15T00:00:00
db:	JVNDB	id:	JVNDB-2015-001038	date:	2015-01-20T00:00:00
db:	CNNVD	id:	CNNVD-201501-319	date:	2015-01-16T00:00:00
db:	NVD	id:	CVE-2014-9596	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	IVD	id:	a97cbbf8-2351-11e6-abef-000c29c66e3d	date:	2015-01-19T00:00:00
db:	CERT/CC	id:	VU#117604	date:	2015-01-13T00:00:00
db:	CNVD	id:	CNVD-2015-00396	date:	2015-01-19T00:00:00
db:	VULHUB	id:	VHN-77541	date:	2015-01-15T00:00:00
db:	BID	id:	72058	date:	2015-01-13T00:00:00
db:	BID	id:	77722	date:	2015-01-15T00:00:00
db:	JVNDB	id:	JVNDB-2015-001038	date:	2015-01-15T00:00:00
db:	CNNVD	id:	CNNVD-201501-319	date:	2015-01-16T00:00:00
db:	NVD	id:	CVE-2014-9596	date:	2015-01-15T23:59:00.053