PT-2009-3972 · Aten · Aten Kh1516I Ip Kvm Switch+1

Published

2009-05-27

Updated

2018-10-10

CVE-2009-1473

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: ATEN KH1516i IP KVM switch version 1.0.063 ATEN KN9116 IP KVM switch version 1.1.104

Description: The issue concerns the improper use of RSA cryptography for symmetric session-key negotiation in the client programs. This makes it easier for remote attackers to decrypt network traffic or conduct man-in-the-middle attacks by repeating unspecified client-side calculations.

Recommendations: For ATEN KH1516i IP KVM switch version 1.0.063, update the firmware to a version that properly implements RSA cryptography for session-key negotiation. For ATEN KN9116 IP KVM switch version 1.1.104, update the firmware to a version that properly implements RSA cryptography for session-key negotiation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-310

Related Identifiers

CVE-2009-1473

Affected Products

Aten Kh1516I Ip Kvm Switch

Aten Kn9116 Ip Kvm Switch

PT-2009-3972 · Aten · Aten Kh1516I Ip Kvm Switch+1

CVE-2009-1473

Weakness Enumeration

Related Identifiers

Affected Products

References · 5