PT-2009-3975 · ATEN · ATEN KH1516i IP KVM Switch

Published: 2009-05-27 · Updated: 2018-10-10 · CVE-2009-1477

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: ATEN KH1516i IP KVM switch version 1.0.063; ATEN KN9116 IP KVM switch version 1.1.104; ATEN PN9108 power-control unit (affected versions not specified)
Description: The issue concerns a hardcoded SSL private key in the HTTPS web interfaces of certain ATEN products. This hardcoded key allows remote attackers to more easily decrypt HTTPS sessions. Attackers can extract the key from their own device and then use it to sniff network traffic to a device owned by a different customer, potentially accessing sensitive information.
Recommendations: For ATEN KH1516i IP KVM switch version 1.0.063, consider disabling the HTTPS web interface until a patch is available. For ATEN KN9116 IP KVM switch version 1.1.104, restrict access to the HTTPS web interface to minimize the risk of exploitation. For ATEN PN9108 power-control unit, there is currently no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2009-1477

Affected Products

ATEN KH1516i IP KVM Switch
ATEN KN9116 IP KVM Switch
ATEN PN9108 Power-Control Unit