PT-2009-3971 · Aten+1 · Aten Kh1516I Ip Kvm Switch+2

Publicado

2009-05-27

Atualizado

2018-10-10

CVE-2009-1472

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: ATEN KH1516i IP KVM switch version 1.0.063 ATEN KN9116 IP KVM switch version 1.1.104

Description: The issue allows man-in-the-middle attackers to execute arbitrary Java code or gain access to machines connected to the switch by hijacking a session, due to a hardcoded AES encryption key in the Java client program.

Recommendations: For ATEN KH1516i IP KVM switch version 1.0.063, update the firmware to a version that does not have the hardcoded AES encryption key. For ATEN KN9116 IP KVM switch version 1.1.104, update the firmware to a version that does not have the hardcoded AES encryption key.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-310

Identificadores relacionados

CVE-2009-1472

Produtos afetados

Aten Kh1516I Ip Kvm Switch

Aten Kn9116 Ip Kvm Switch

Java

PT-2009-3971 · Aten+1 · Aten Kh1516I Ip Kvm Switch+2

CVE-2009-1472

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3