{"vuid":"VU#117604","idnumber":"117604","name":"Panasonic Arbitrator Back-End Server (BES) uses unencrypted communication","keywords":["panasonic","arbitrator","BES","cwe-319"],"overview":"Panasonic Arbitrator Back-End Server (BES) uses an unencrypted channel to transmit data.","clean_desc":"CWE-319: Cleartext Transmission of Sensitive Information\nPanasonic Arbitrator Back-End Server (BES) uses an unencrypted channel to transmit data between the client and server. It has been reported that Active Directory and other sensitive credentials are exposed as a result. According to Panasonic, the affected products are: Arbitrator MK 2.0 VPU using USB Wi-Fi\nArbitrator MK 2.0 VPU using Direct LAN\nArbitrator MK 3.0 VPU using Embedded Wi-Fi\nArbitrator MK 3.0 VPU using Direct LAN\nThe majority of Panasonic Arbitrator clients do not use these two upload methods and are not affected. If you are a Panasonic Arbitrator client that uses your laptop Wi-Fi connection for uploading or a wired connection for uploading you do not need to take any action.","impact":"A malicious user on the network may be able to discover sensitive credentials to other systems.","resolution":"Apply an Update\nPanasonic has released a statement with details on how to patch the system.","workarounds":"","sysaffected":"","thanks":"Thanks to the reporter who wishes to remain anonymous.","author":"This document was written by Chris King.","public":["http://www.panasonic.com/business/arbitrator/index.asp","http://us2.campaign-archive1.com/?u=8c9cff2e712e3b7d09a07ecef&id=21f059b3ab","http://cwe.mitre.org/data/definitions/319.html"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2014-10-21T17:07:25Z","publicdate":"2014-12-11T00:00:00Z","datefirstpublished":"2015-01-13T20:30:30Z","dateupdated":"2015-01-13T20:30:32Z","revision":18,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"L","cvss_authentication":null,"cvss_confidentialityimpact":"P","cvss_integrityimpact":"N","cvss_availabilityimpact":"N","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"N","cvss_targetdistribution":"L","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"5","cvss_basevector":"AV:N/AC:L/Au:N/C:P/I:N/A:N","cvss_temporalscore":"4.1","cvss_environmentalscore":"1.02453996267","cvss_environmentalvector":"CDP:N/TD:L/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}