CVE-2009-1473 - OpenCVE

The (1) Windows and (2) Java client programs for the ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 do not properly use RSA cryptography for a symmetric session-key negotiation, which makes it easier for remote attackers to (a) decrypt network traffic, or (b) conduct man-in-the-middle attacks, by repeating unspecified "client-side calculations."

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Aten	Kh1516i Ip Kvm Switch Kn9116 Ip Kvm Switch

Configuration 1 [-]

OR	cpe:2.3:h:aten:kh1516i_ip_kvm_switch:1.0.063:-:java_client:::::*
	cpe:2.3:h:aten:kh1516i_ip_kvm_switch:1.0.063:-:windows_client:::::*
	cpe:2.3:h:aten:kn9116_ip_kvm_switch:1.1.104:-:java_client:::::*
	cpe:2.3:h:aten:kn9116_ip_kvm_switch:1.1.104:-:windows_client:::::*

No data.

References

Link	Providers
http://secunia.com/advisories/35241
http://www.securityfocus.com/archive/1/503827/100/0/threaded
http://www.securityfocus.com/bid/35108
https://exchange.xforce.ibmcloud.com/vulnerabilities/50849

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-05-27T16:00:00

Updated: 2024-08-07T05:13:25.598Z

Reserved: 2009-04-28T00:00:00

Link: CVE-2009-1473

Vulnrichment

No data.

NVD

Status : Modified

Published: 2009-05-27T16:30:01.797

Modified: 2018-10-10T19:37:03.563

Link: CVE-2009-1473

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-05-26T00:00:00", "descriptions": [{"lang": "en", "value": "The (1) Windows and (2) Java client programs for the ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 do not properly use RSA cryptography for a symmetric session-key negotiation, which makes it easier for remote attackers to (a) decrypt network traffic, or (b) conduct man-in-the-middle attacks, by repeating unspecified \"client-side calculations.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "35241", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35241"}, {"name": "35108", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/35108"}, {"name": "20090526 Multiple vulnerabilities in several ATEN IP KVM Switches", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/503827/100/0/threaded"}, {"name": "aten-kvm-client-weak-security(50849)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50849"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1473", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The (1) Windows and (2) Java client programs for the ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 do not properly use RSA cryptography for a symmetric session-key negotiation, which makes it easier for remote attackers to (a) decrypt network traffic, or (b) conduct man-in-the-middle attacks, by repeating unspecified \"client-side calculations.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "35241", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35241"}, {"name": "35108", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35108"}, {"name": "20090526 Multiple vulnerabilities in several ATEN IP KVM Switches", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/503827/100/0/threaded"}, {"name": "aten-kvm-client-weak-security(50849)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50849"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T05:13:25.598Z"}, "title": "CVE Program Container", "references": [{"name": "35241", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35241"}, {"name": "35108", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/35108"}, {"name": "20090526 Multiple vulnerabilities in several ATEN IP KVM Switches", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/503827/100/0/threaded"}, {"name": "aten-kvm-client-weak-security(50849)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50849"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1473", "datePublished": "2009-05-27T16:00:00", "dateReserved": "2009-04-28T00:00:00", "dateUpdated": "2024-08-07T05:13:25.598Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:aten:kh1516i_ip_kvm_switch:1.0.063:-:java_client:*:*:*:*:*", "matchCriteriaId": "50ACA9FF-A214-4911-B3EC-39B3950FA5E1", "vulnerable": true}, {"criteria": "cpe:2.3:h:aten:kh1516i_ip_kvm_switch:1.0.063:-:windows_client:*:*:*:*:*", "matchCriteriaId": "BBB7093D-2C92-43E5-9FCC-6455F2814307", "vulnerable": true}, {"criteria": "cpe:2.3:h:aten:kn9116_ip_kvm_switch:1.1.104:-:java_client:*:*:*:*:*", "matchCriteriaId": "43CC1042-AB83-4B46-984B-98D98D133DAA", "vulnerable": true}, {"criteria": "cpe:2.3:h:aten:kn9116_ip_kvm_switch:1.1.104:-:windows_client:*:*:*:*:*", "matchCriteriaId": "3111EE0D-155E-4031-9003-B9013BABEA76", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The (1) Windows and (2) Java client programs for the ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 do not properly use RSA cryptography for a symmetric session-key negotiation, which makes it easier for remote attackers to (a) decrypt network traffic, or (b) conduct man-in-the-middle attacks, by repeating unspecified \"client-side calculations.\""}, {"lang": "es", "value": "Los programas cliente (1) Windows and (2) Java para los switches ATEN KH1516i IP KVM con firmware 1.0.063 y KN9116 IP KVM con firmware 1.1.104 no usan de manera apropiada la criptograf\u00eda RSA en una negociaci\u00f3n de clave de sesi\u00f3n sim\u00e9trica, lo que facilita a atacantes remotos (a) desencriptar el tr\u00e1fico de red o (b) llevar a cabo ataques del tipo \"man in the middle (hombre en el medio)\", mediante la repetici\u00f3n de \"c\u00e1lculos en el lado del cliente\" no especificados."}], "id": "CVE-2009-1473", "lastModified": "2018-10-10T19:37:03.563", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-05-27T16:30:01.797", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/35241"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/503827/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/35108"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50849"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}