Lucene search

[email protected]CVE-2009-1474

HistoryMay 27, 2009 - 4:30 p.m.

CVE-2009-1474

2009-05-2716:30:00

CWE-310

[email protected]

web.nvd.nist.gov

aten kh1516i

kn9116

ip kvm switch

firmware

vulnerability

encryption

man-in-the-middle attack

session cookie

https

http

network security

nvd

6.8 Medium

AI Score

Confidence

Low

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

53.0%

JSON

The ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 do not (1) encrypt mouse events, which makes it easier for man-in-the-middle attackers to perform mouse operations on machines connected to the switch by injecting network traffic; and do not (2) set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

CPENameOperatorVersion
aten:kn9116_ip_kvm_switchaten kn9116 ip kvm switcheq1.1.104
aten:kh1516i_ip_kvm_switchaten kh1516i ip kvm switcheq1.0.063

CPE	Name	Operator	Version
aten:kn9116_ip_kvm_switch	aten kn9116 ip kvm switch	eq	1.1.104
aten:kh1516i_ip_kvm_switch	aten kh1516i ip kvm switch	eq	1.0.063

References

secunia.com/advisories/35241

www.securityfocus.com/archive/1/503827/100/0/threaded

www.securityfocus.com/bid/35108

exchange.xforce.ibmcloud.com/vulnerabilities/50850

6.8 Medium

AI Score

Confidence

Low

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

53.0%

JSON

Related for CVE-2009-1474

prion1 securityvulns2