Vulnerability Description
The (1) Windows and (2) Java client programs for the ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 do not properly use RSA cryptography for a symmetric session-key negotiation, which makes it easier for remote attackers to (a) decrypt network traffic, or (b) conduct man-in-the-middle attacks, by repeating unspecified "client-side calculations."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Aten | Kh1516I Ip Kvm Switch | 1.0.063 |
| Aten | Kn9116 Ip Kvm Switch | 1.1.104 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/35241
- http://www.securityfocus.com/archive/1/503827/100/0/threaded
- http://www.securityfocus.com/bid/35108
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50849
- http://secunia.com/advisories/35241
- http://www.securityfocus.com/archive/1/503827/100/0/threaded
- http://www.securityfocus.com/bid/35108
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50849
FAQ
What is CVE-2009-1473?
CVE-2009-1473 is a vulnerability with a CVSS score of 10.0 (HIGH). The (1) Windows and (2) Java client programs for the ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 do not properly use RSA cryptography for a symm...
How severe is CVE-2009-1473?
CVE-2009-1473 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-1473?
Check the references section above for vendor advisories and patch information. Affected products include: Aten Kh1516I Ip Kvm Switch, Aten Kn9116 Ip Kvm Switch.