Lucene search

PRIOn knowledge basePRION:CVE-2009-1473

HistoryMay 27, 2009 - 4:30 p.m.

Input validation

2009-05-2716:30:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

52.6%

JSON

The (1) Windows and (2) Java client programs for the ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 do not properly use RSA cryptography for a symmetric session-key negotiation, which makes it easier for remote attackers to (a) decrypt network traffic, or (b) conduct man-in-the-middle attacks, by repeating unspecified “client-side calculations.”

CPENameOperatorVersion
kh1516i_ip_kvm_switcheq1.0.63 java-client
kh1516i_ip_kvm_switcheq1.0.63 windows-client
kn9116_ip_kvm_switcheq1.1.104 java-client
kn9116_ip_kvm_switcheq1.1.104 windows-client

Name	Operator	Version
kh1516i_ip_kvm_switch	eq	1.0.63 java-client
kh1516i_ip_kvm_switch	eq	1.0.63 windows-client
kn9116_ip_kvm_switch	eq	1.1.104 java-client
kn9116_ip_kvm_switch	eq	1.1.104 windows-client

References

secunia.com/advisories/35241

www.securityfocus.com/archive/1/503827/100/0/threaded

www.securityfocus.com/bid/35108

exchange.xforce.ibmcloud.com/vulnerabilities/50849

7.3 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

52.6%

JSON

Related for PRION:CVE-2009-1473