Vulnerability Details CVE-2014-2716
Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.5-FINAL, and Activator 3 reuses the RC4 cipher stream, which makes it easier for remote attackers to obtain plaintext messages via an XOR operation on two ciphertexts.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.4%
CVSS Severity
CVSS v2 Score 4.3
References
- http://packetstormsecurity.com/files/129585/Ekahau-Real-Time-Location-System-RC4-Cipher-Stream-Reuse-Weak-Key-Derivation.html
- http://www.modzero.ch/advisories/MZ-14-01-Ekahau-RTLS.txt
- http://www.securityfocus.com/archive/1/534241/100/0/threaded
- http://www.securityfocus.com/bid/71674
- http://packetstormsecurity.com/files/129585/Ekahau-Real-Time-Location-System-RC4-Cipher-Stream-Reuse-Weak-Key-Derivation.html
- http://www.modzero.ch/advisories/MZ-14-01-Ekahau-RTLS.txt
- http://www.securityfocus.com/archive/1/534241/100/0/threaded
- http://www.securityfocus.com/bid/71674
Products affected by CVE-2014-2716
-
cpe:2.3:a:ekahau:activator:3
-
cpe:2.3:a:ekahau:real-time_location_system_controller:6.0.5-final
-
cpe:2.3:h:ekahau:b4_staff_badge_tag:5.7
-
cpe:2.3:o:ekahau:b4_staff_badge_tag_firmware:1.4.52