PT-2009-3971 · Aten+1 · Aten Kh1516I Ip Kvm Switch+2

Published

2009-05-27

Updated

2018-10-10

CVE-2009-1472

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: ATEN KH1516i IP KVM switch version 1.0.063 ATEN KN9116 IP KVM switch version 1.1.104

Description: The issue allows man-in-the-middle attackers to execute arbitrary Java code or gain access to machines connected to the switch by hijacking a session, due to a hardcoded AES encryption key in the Java client program.

Recommendations: For ATEN KH1516i IP KVM switch version 1.0.063, update the firmware to a version that does not have the hardcoded AES encryption key. For ATEN KN9116 IP KVM switch version 1.1.104, update the firmware to a version that does not have the hardcoded AES encryption key.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-310

Related Identifiers

CVE-2009-1472

Affected Products

Aten Kh1516I Ip Kvm Switch

Aten Kn9116 Ip Kvm Switch

Java

PT-2009-3971 · Aten+1 · Aten Kh1516I Ip Kvm Switch+2

CVE-2009-1472

Weakness Enumeration

Related Identifiers

Affected Products

References · 3