CVE-2014-2716

2014-12-1915:59:05

CWE-310

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.7

Confidence

Low

EPSS

0.003

Percentile

65.9%

JSON

Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.5-FINAL, and Activator 3 reuses the RC4 cipher stream, which makes it easier for remote attackers to obtain plaintext messages via an XOR operation on two ciphertexts.

Affected configurations

Nvd

Node

ekahaureal-time_location_system_controllerMatch6.0.5-final

Node

ekahauactivatorMatch3

Node

ekahaub4_staff_badge_tag_firmwareMatch1.4.52

AND

ekahaub4_staff_badge_tagMatch5.7

VendorProductVersionCPE
ekahaureal-time_location_system_controller6.0.5-finalcpe:2.3:a:ekahau:real-time_location_system_controller:6.0.5-final:*:*:*:*:*:*:*
ekahauactivator3cpe:2.3:a:ekahau:activator:3:*:*:*:*:*:*:*
ekahaub4_staff_badge_tag_firmware1.4.52cpe:2.3:o:ekahau:b4_staff_badge_tag_firmware:1.4.52:*:*:*:*:*:*:*
ekahaub4_staff_badge_tag5.7cpe:2.3:h:ekahau:b4_staff_badge_tag:5.7:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ekahau	real-time_location_system_controller	6.0.5-final	cpe:2.3:a:ekahau:real-time_location_system_controller:6.0.5-final:::::::*
ekahau	activator	3	cpe:2.3:a:ekahau:activator:3:::::::*
ekahau	b4_staff_badge_tag_firmware	1.4.52	cpe:2.3:o:ekahau:b4_staff_badge_tag_firmware:1.4.52:::::::*
ekahau	b4_staff_badge_tag	5.7	cpe:2.3:h:ekahau:b4_staff_badge_tag:5.7:::::::*