Details of VAR-200905-0262

ID

VAR-200905-0262

CVE

CVE-2009-1473

TITLE

ATEN KH1516i IP KVM Switch Windows Vulnerability in a client program that could allow man-in-the-middle attacks

Trust: 0.8

sources: JVNDB: JVNDB-2009-003375

DESCRIPTION

The (1) Windows and (2) Java client programs for the ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 do not properly use RSA cryptography for a symmetric session-key negotiation, which makes it easier for remote attackers to (a) decrypt network traffic, or (b) conduct man-in-the-middle attacks, by repeating unspecified "client-side calculations.". RSA Vulnerability exists in decrypting network traffic or performing man-in-the-middle attacks due to improper use of cryptography.By a third party " Client-side calculation " Can be used to decrypt network traffic or perform man-in-the-middle attacks. Multiple ATEN IP KVM switches are prone to multiple remote vulnerabilities and a weakness: - A security weakness may allow attackers to decrypt HTTP traffic. - A remote code-execution vulnerability is present. - A security vulnerability may allow attackers to gain access to the session key. - A security vulnerability may allow attackers to gain access to mouse events. - A security vulnerability may allow attackers to gain access to the session ID. Attackers can exploit these issues to execute Java code, compromise and gain unauthorized access to the affected device connected to the KVM, gain access to the session key, and gain access to the session ID. Other attacks are also possible. IP KVM is a series of switch equipment developed by Taiwan Acer Technology Co., Ltd. This key agreement uses RSA in an insecure way, an attacker who can monitor the communication between the client and the switch can repeat the client's calculations and obtain the session key, and then use this key to decrypt the communication and reconstruct keystrokes, or Perform man-in-the-middle attacks to gain access to machines connected to the switch. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: ATEN KH1516i / KN9116 Multiple Vulnerabilities SECUNIA ADVISORY ID: SA35241 VERIFY ADVISORY: http://secunia.com/advisories/35241/ DESCRIPTION: Some vulnerabilities have been reported in ATEN KH1516i and KN9116, which can be exploited by malicious people to disclose sensitive information, manipulate certain data, and potentially compromise a user's system. 1) An error exists in the key exchange process when negotiating a symmetric session key via RSA. This can be exploited extract the session key by intercepting traffic and e.g. potentially execute arbitrary code on connected machines via MitM (Man-in-the-Middle) attacks. 2) Mouse events are transferred between a client and the KVM switch via an unencrypted data channel. This can be exploited to inject e.g. arbitrary mouse clicks via MitM (Man-in-the-Middle) attacks. 3) The web interface session cookie does not contain the "Secure" attribute. This can be exploited to obtain the cookie and potentially gain access to connected machines by redirecting the user's browser to a HTTP connection. The vulnerabilities are reported in KH1516i and KN9116. Other products may also be affected. SOLUTION: Use the products in trusted networks only. PROVIDED AND/OR DISCOVERED BY: Jakob Lell from the TU Berlin computer security working group ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2009-1473 // JVNDB: JVNDB-2009-003375 // BID: 35108 // VULHUB: VHN-38919 // PACKETSTORM: 78429

AFFECTED PRODUCTS

vendor:	aten	model:	kn9116 ip kvm switch	scope:	eq	version:	1.1.104	Trust: 1.6
vendor:	aten	model:	kh1516i ip kvm switch	scope:	eq	version:	1.0.063	Trust: 1.6
vendor:	aten	model:	kh1516i ip kvm switch	scope:	eq	version:	firmware 1.0.063 of java and windows client	Trust: 0.8
vendor:	aten	model:	kn9116 ip kvm switch	scope:	eq	version:	firmware 1.1.104 of java and windows client	Trust: 0.8
vendor:	aten	model:	ip kvm pn9108	scope:	eq	version:	0	Trust: 0.3
vendor:	aten	model:	ip kvm kn9116	scope:	eq	version:	1.1.1.014	Trust: 0.3
vendor:	aten	model:	ip kvm kh1516i	scope:	eq	version:	1.0.063	Trust: 0.3

sources: BID: 35108 // JVNDB: JVNDB-2009-003375 // CNNVD: CNNVD-200905-308 // NVD: CVE-2009-1473

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2009-1473
value:	HIGH
Trust: 1.0
NVD:	CVE-2009-1473
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200905-308
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-38919
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2009-1473
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-38919
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-38919 // JVNDB: JVNDB-2009-003375 // CNNVD: CNNVD-200905-308 // NVD: CVE-2009-1473

PROBLEMTYPE DATA

problemtype:

CWE-310

Trust: 1.9

sources: VULHUB: VHN-38919 // JVNDB: JVNDB-2009-003375 // NVD: CVE-2009-1473

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200905-308

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-200905-308

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-003375

PATCH

title:

Top Page

url:

http://www.aten.com/IP-KVM.htm

Trust: 0.8

sources: JVNDB: JVNDB-2009-003375

EXTERNAL IDS

db:	NVD	id:	CVE-2009-1473	Trust: 2.8
db:	BID	id:	35108	Trust: 2.0
db:	SECUNIA	id:	35241	Trust: 1.8
db:	JVNDB	id:	JVNDB-2009-003375	Trust: 0.8
db:	XF	id:	50849	Trust: 0.6
db:	BUGTRAQ	id:	20090526 MULTIPLE VULNERABILITIES IN SEVERAL ATEN IP KVM SWITCHES	Trust: 0.6
db:	CNNVD	id:	CNNVD-200905-308	Trust: 0.6
db:	VULHUB	id:	VHN-38919	Trust: 0.1
db:	PACKETSTORM	id:	78429	Trust: 0.1

sources: VULHUB: VHN-38919 // BID: 35108 // JVNDB: JVNDB-2009-003375 // PACKETSTORM: 78429 // CNNVD: CNNVD-200905-308 // NVD: CVE-2009-1473

REFERENCES

url:	http://www.securityfocus.com/bid/35108	Trust: 1.7
url:	http://secunia.com/advisories/35241	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/503827/100/0/threaded	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/50849	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1473	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1473	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/50849	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/503827/100/0/threaded	Trust: 0.6
url:	http://www.aten.com/ip-kvm.htm	Trust: 0.3
url:	/archive/1/503827	Trust: 0.3
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/advisories/35241/	Trust: 0.1
url:	http://secunia.com/advisories/business_solutions/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1

sources: VULHUB: VHN-38919 // BID: 35108 // JVNDB: JVNDB-2009-003375 // PACKETSTORM: 78429 // CNNVD: CNNVD-200905-308 // NVD: CVE-2009-1473

CREDITS

Jakob Lell jakob@cs.tu-berlin.de

Trust: 0.6

sources: CNNVD: CNNVD-200905-308

SOURCES

db:	VULHUB	id:	VHN-38919
db:	BID	id:	35108
db:	JVNDB	id:	JVNDB-2009-003375
db:	PACKETSTORM	id:	78429
db:	CNNVD	id:	CNNVD-200905-308
db:	NVD	id:	CVE-2009-1473

LAST UPDATE DATE

2025-04-10T23:05:08.804000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-38919	date:	2018-10-10T00:00:00
db:	BID	id:	35108	date:	2009-05-27T00:10:00
db:	JVNDB	id:	JVNDB-2009-003375	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200905-308	date:	2009-06-20T00:00:00
db:	NVD	id:	CVE-2009-1473	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-38919	date:	2009-05-27T00:00:00
db:	BID	id:	35108	date:	2009-05-26T00:00:00
db:	JVNDB	id:	JVNDB-2009-003375	date:	2012-06-26T00:00:00
db:	PACKETSTORM	id:	78429	date:	2009-06-16T07:05:06
db:	CNNVD	id:	CNNVD-200905-308	date:	2009-05-27T00:00:00
db:	NVD	id:	CVE-2009-1473	date:	2009-05-27T16:30:01.797