CVE-2009-1473 - OpenCVE

The (1) Windows and (2) Java client programs for the ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 do not properly use RSA cryptography for a symmetric session-key negotiation, which makes it easier for remote attackers to (a) decrypt network traffic, or (b) conduct man-in-the-middle attacks, by repeating unspecified "client-side calculations."

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Aten	Kn9116 Ip Kvm Switch Kh1516i Ip Kvm Switch

Configuration 1 [-]

OR	cpe:2.3:h:aten:kh1516i_ip_kvm_switch:1.0.063:-:java_client:::::*
	cpe:2.3:h:aten:kh1516i_ip_kvm_switch:1.0.063:-:windows_client:::::*
	cpe:2.3:h:aten:kn9116_ip_kvm_switch:1.1.104:-:java_client:::::*
	cpe:2.3:h:aten:kn9116_ip_kvm_switch:1.1.104:-:windows_client:::::*

References

Link	Resource
http://secunia.com/advisories/35241
http://www.securityfocus.com/archive/1/503827/100/0/threaded
http://www.securityfocus.com/bid/35108
https://exchange.xforce.ibmcloud.com/vulnerabilities/50849

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2009-05-27T16:00:00

Updated: 2018-10-10T18:57:01

Reserved: 2009-04-28T00:00:00

Link: CVE-2009-1473

JSON object: View

NVD Information

Status : Modified

Published: 2009-05-27T16:30:01.797

Modified: 2018-10-10T19:37:03.563

Link: CVE-2009-1473

JSON object: View

Redhat Information

No data.

CWE

CWE-310

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-05-26T00:00:00", "descriptions": [{"lang": "en", "value": "The (1) Windows and (2) Java client programs for the ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 do not properly use RSA cryptography for a symmetric session-key negotiation, which makes it easier for remote attackers to (a) decrypt network traffic, or (b) conduct man-in-the-middle attacks, by repeating unspecified \"client-side calculations.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "35241", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35241"}, {"name": "35108", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/35108"}, {"name": "20090526 Multiple vulnerabilities in several ATEN IP KVM Switches", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/503827/100/0/threaded"}, {"name": "aten-kvm-client-weak-security(50849)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50849"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1473", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The (1) Windows and (2) Java client programs for the ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 do not properly use RSA cryptography for a symmetric session-key negotiation, which makes it easier for remote attackers to (a) decrypt network traffic, or (b) conduct man-in-the-middle attacks, by repeating unspecified \"client-side calculations.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "35241", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35241"}, {"name": "35108", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35108"}, {"name": "20090526 Multiple vulnerabilities in several ATEN IP KVM Switches", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/503827/100/0/threaded"}, {"name": "aten-kvm-client-weak-security(50849)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50849"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1473", "datePublished": "2009-05-27T16:00:00", "dateReserved": "2009-04-28T00:00:00", "dateUpdated": "2018-10-10T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:aten:kh1516i_ip_kvm_switch:1.0.063:-:java_client:*:*:*:*:*", "matchCriteriaId": "50ACA9FF-A214-4911-B3EC-39B3950FA5E1", "vulnerable": true}, {"criteria": "cpe:2.3:h:aten:kh1516i_ip_kvm_switch:1.0.063:-:windows_client:*:*:*:*:*", "matchCriteriaId": "BBB7093D-2C92-43E5-9FCC-6455F2814307", "vulnerable": true}, {"criteria": "cpe:2.3:h:aten:kn9116_ip_kvm_switch:1.1.104:-:java_client:*:*:*:*:*", "matchCriteriaId": "43CC1042-AB83-4B46-984B-98D98D133DAA", "vulnerable": true}, {"criteria": "cpe:2.3:h:aten:kn9116_ip_kvm_switch:1.1.104:-:windows_client:*:*:*:*:*", "matchCriteriaId": "3111EE0D-155E-4031-9003-B9013BABEA76", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The (1) Windows and (2) Java client programs for the ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 do not properly use RSA cryptography for a symmetric session-key negotiation, which makes it easier for remote attackers to (a) decrypt network traffic, or (b) conduct man-in-the-middle attacks, by repeating unspecified \"client-side calculations.\""}, {"lang": "es", "value": "Los programas cliente (1) Windows and (2) Java para los switches ATEN KH1516i IP KVM con firmware 1.0.063 y KN9116 IP KVM con firmware 1.1.104 no usan de manera apropiada la criptograf\u00eda RSA en una negociaci\u00f3n de clave de sesi\u00f3n sim\u00e9trica, lo que facilita a atacantes remotos (a) desencriptar el tr\u00e1fico de red o (b) llevar a cabo ataques del tipo \"man in the middle (hombre en el medio)\", mediante la repetici\u00f3n de \"c\u00e1lculos en el lado del cliente\" no especificados."}], "id": "CVE-2009-1473", "lastModified": "2018-10-10T19:37:03.563", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-05-27T16:30:01.797", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/35241"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/503827/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/35108"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50849"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}