製品・ソフトウェアに関する情報

JVN脆弱性詳細

Panasonic Arbitrator Back-End Server (BES) に平文通信の脆弱性

Title	Panasonic Arbitrator Back-End Server (BES) に平文通信の脆弱性
Summary	Panasonic が提供する Arbitrator Back-End Server (BES) には、クライアントとサーバ間の通信を暗号化しない脆弱性 (CWE-319) が存在します。本脆弱性によって Active Directory の情報や他の機密情報が漏えいすることが報告されています。 CWE-319: Cleartext Transmission of Sensitive Information http://cwe.mitre.org/data/definitions/319.html
Possible impacts	第三者によって、機密情報を取得される可能性があります。
Solution	[アップデートする] 開発者が提供する情報をもとに、最新版へアップデートしてください。本脆弱性は次のバージョンで修正されています。 Back-End Server software - Ver. 9.3.1 (Build 2.8.21.2x) Back End Administrator software - Ver. 9.3.1 (Build 2.8.21.2x) Back-End Client software - Ver. 9.3.1 (Build 2.8.21.2x) Front-End Client software - Ver. 9.3.1 (Build 2.8.21.2x) Video Processing Unit (VPU) firmware for MK 3.0 recorders - Ver. 9.3.1 (Build 5.06.000.0) Video Processing Unit (VPU) firmware for MK 2.0 recorders - Ver. 9.3.1 (Build 4.08.003.0)
Publication Date	Jan. 13, 2015, midnight
Registration Date	Jan. 15, 2015, 5:09 p.m.
Last Update	Jan. 20, 2015, 4:22 p.m.

Affected System

パナソニック株式会社

Arbitrator MK 2.0 VPU using Direct LAN

Arbitrator MK 2.0 VPU using USB Wi-Fi

Arbitrator MK 3.0 VPU using Direct LAN

Arbitrator MK 3.0 VPU using Embedded Wi-Fi

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2014-9596	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9596
National Vulnerability Database (NVD)
2	CVE-2014-9596	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9596

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-310	https://jvndb.jvn.jp/ja/cwe/CWE-310.html
2	CWE-Other	https://www.ipa.go.jp/security/vuln/CWE.html#CWEOther

ベンダー情報

No	Name	URL
Panasonic
1	Panasonic Arbitrator 360° Important Security Update	http://us2.campaign-archive1.com/?u=8c9cff2e712e3b7d09a07ecef&id=21f059b3ab

その他

No	Name	URL
JVN
1	JVNVU#96405828	http://jvn.jp/vu/JVNVU96405828/index.html
US-CERT Vulnerability Note
2	VU#117604	http://www.kb.cert.org/vuls/id/117604

Change Log

No	Changed Details	Date of change
0	[2015年01月15日] 掲載 [2015年01月19日] CWE による脆弱性タイプ一覧：CWE-ID を追加参考情報：National Vulnerability Database (NVD) (CVE-2014-9596) を追加参考情報：Common Vulnerabilities and Exposures (CVE) (CVE-2014-9596) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2014-9596

Summary	Panasonic Arbitrator Back-End Server (BES) MK 2.0 VPU before 9.3.1 build 4.08.003.0, when USB Wi-Fi or Direct LAN is enabled, and MK 3.0 VPU before 9.3.1 build 5.06.000.0, when Embedded Wi-Fi or Direct LAN is enabled, does not use encryption, which allows remote attackers to obtain sensitive information by sniffing the network for client-server traffic, as demonstrated by Active Directory credential information.
Publication Date	Jan. 16, 2015, 8:59 a.m.
Registration Date	Jan. 26, 2021, 3:22 p.m.
Last Update	Nov. 21, 2024, 11:21 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:panasonic:arbitrator_back-end_server_mk_3.0_vpu_firmware::::::::		9.3.1
cpe:2.3:h:panasonic:arbitrator_back-end_server_mk_3.0_vpu:-:::::::*

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:panasonic:arbitrator_back-end_server_mk_2.0_vpu_firmware::::::::		9.3.1
cpe:2.3:h:panasonic:arbitrator_back-end_server_mk_2.0_vpu:-:::::::*

Related information, measures and tools

No	URL	タグ
1	http://us2.campaign-archive1.com/?u=8c9cff2e712e3b7d09a07ecef&id=21f059b3ab	Vendor Advisory
2	http://us2.campaign-archive1.com/?u=8c9cff2e712e3b7d09a07ecef&id=21f059b3ab	Vendor Advisory
3	http://www.kb.cert.org/vuls/id/117604	Third Party Advisory US Government Resource
4	http://www.kb.cert.org/vuls/id/117604	Third Party Advisory US Government Resource

Common Vulnerabilities List