Vulnerability Details : CVE-2014-2716
Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.5-FINAL, and Activator 3 reuses the RC4 cipher stream, which makes it easier for remote attackers to obtain plaintext messages via an XOR operation on two ciphertexts.
Products affected by CVE-2014-2716
- cpe:2.3:a:ekahau:activator:3:*:*:*:*:*:*:*
- cpe:2.3:a:ekahau:real-time_location_system_controller:6.0.5-final:*:*:*:*:*:*:*
- cpe:2.3:o:ekahau:b4_staff_badge_tag_firmware:1.4.52:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-2716
0.32%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 52 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-2716
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2014-2716
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-2716
-
http://www.modzero.ch/advisories/MZ-14-01-Ekahau-RTLS.txt
-
http://packetstormsecurity.com/files/129585/Ekahau-Real-Time-Location-System-RC4-Cipher-Stream-Reuse-Weak-Key-Derivation.html
Ekahau Real-Time Location System RC4 Cipher Stream Reuse / Weak Key Derivation ≈ Packet Storm
-
http://www.securityfocus.com/bid/71674
Ekahau Real-Time Location System CVE-2014-2716 Multiple Security Weaknesses
-
http://www.securityfocus.com/archive/1/534241/100/0/threaded
SecurityFocus
Jump to