PT-2009-3972 · Aten · Aten Kh1516I Ip Kvm Switch+1

Publicado

2009-05-27

Atualizado

2018-10-10

CVE-2009-1473

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: ATEN KH1516i IP KVM switch version 1.0.063 ATEN KN9116 IP KVM switch version 1.1.104

Description: The issue concerns the improper use of RSA cryptography for symmetric session-key negotiation in the client programs. This makes it easier for remote attackers to decrypt network traffic or conduct man-in-the-middle attacks by repeating unspecified client-side calculations.

Recommendations: For ATEN KH1516i IP KVM switch version 1.0.063, update the firmware to a version that properly implements RSA cryptography for session-key negotiation. For ATEN KN9116 IP KVM switch version 1.1.104, update the firmware to a version that properly implements RSA cryptography for session-key negotiation.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-310

Identificadores relacionados

CVE-2009-1473

Produtos afetados

Aten Kh1516I Ip Kvm Switch

Aten Kn9116 Ip Kvm Switch

PT-2009-3972 · Aten · Aten Kh1516I Ip Kvm Switch+1

CVE-2009-1473

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5