Details of VAR-200905-0265

ID

VAR-200905-0265

CVE

CVE-2009-1477

TITLE

ATEN KH1516i IP KVM On the switch https Web In the interface https Session decryption vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2009-003378

DESCRIPTION

The https web interfaces on the ATEN KH1516i IP KVM switch with firmware 1.0.063, the KN9116 IP KVM switch with firmware 1.1.104, and the PN9108 power-control unit have a hardcoded SSL private key, which makes it easier for remote attackers to decrypt https sessions by extracting this key from their own switch and then sniffing network traffic to a switch owned by a different customer. - A remote code-execution vulnerability is present. - A security vulnerability may allow attackers to gain access to the session key. - A security vulnerability may allow attackers to gain access to mouse events. - A security vulnerability may allow attackers to gain access to the session ID. Attackers can exploit these issues to execute Java code, compromise and gain unauthorized access to the affected device connected to the KVM, gain access to the session key, and gain access to the session ID. Other attacks are also possible. IP KVM is a series of switch equipment developed by Taiwan Acer Technology Co., Ltd. All devices use the same SSL key KH1516i, KN9116, and PN9108 model devices use the same SSL key for the HTTPS web interface

Trust: 1.98

sources: NVD: CVE-2009-1477 // JVNDB: JVNDB-2009-003378 // BID: 35108 // VULHUB: VHN-38923

AFFECTED PRODUCTS

vendor:	aten	model:	kn9116 ip kvm switch	scope:	eq	version:	1.1.104	Trust: 1.6
vendor:	aten	model:	kh1516i ip kvm switch	scope:	eq	version:	1.0.063	Trust: 1.6
vendor:	aten	model:	pn9108 power over the net	scope:	-	version:	-	Trust: 1.4
vendor:	aten	model:	pn9108 power over the net	scope:	eq	version:	*	Trust: 1.0
vendor:	aten	model:	kh1516i ip kvm switch	scope:	eq	version:	firmware 1.0.063	Trust: 0.8
vendor:	aten	model:	kn9116 ip kvm switch	scope:	eq	version:	firmware 1.1.104	Trust: 0.8
vendor:	aten	model:	ip kvm pn9108	scope:	eq	version:	0	Trust: 0.3
vendor:	aten	model:	ip kvm kn9116	scope:	eq	version:	1.1.1.014	Trust: 0.3
vendor:	aten	model:	ip kvm kh1516i	scope:	eq	version:	1.0.063	Trust: 0.3

sources: BID: 35108 // JVNDB: JVNDB-2009-003378 // CNNVD: CNNVD-200905-310 // NVD: CVE-2009-1477

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2009-1477
value:	HIGH
Trust: 1.0
NVD:	CVE-2009-1477
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200905-310
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-38923
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2009-1477
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-38923
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-38923 // JVNDB: JVNDB-2009-003378 // CNNVD: CNNVD-200905-310 // NVD: CVE-2009-1477

PROBLEMTYPE DATA

problemtype:

CWE-310

Trust: 1.9

sources: VULHUB: VHN-38923 // JVNDB: JVNDB-2009-003378 // NVD: CVE-2009-1477

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200905-310

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-200905-310

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-003378

PATCH

title:

Top Page

url:

http://www.aten.com/IP-KVM.htm

Trust: 0.8

sources: JVNDB: JVNDB-2009-003378

EXTERNAL IDS

db:	NVD	id:	CVE-2009-1477	Trust: 2.8
db:	BID	id:	35108	Trust: 2.0
db:	JVNDB	id:	JVNDB-2009-003378	Trust: 0.8
db:	BUGTRAQ	id:	20090526 MULTIPLE VULNERABILITIES IN SEVERAL ATEN IP KVM SWITCHES	Trust: 0.6
db:	XF	id:	50851	Trust: 0.6
db:	CNNVD	id:	CNNVD-200905-310	Trust: 0.6
db:	VULHUB	id:	VHN-38923	Trust: 0.1

sources: VULHUB: VHN-38923 // BID: 35108 // JVNDB: JVNDB-2009-003378 // CNNVD: CNNVD-200905-310 // NVD: CVE-2009-1477

REFERENCES

url:	http://www.securityfocus.com/bid/35108	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/503827/100/0/threaded	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/50851	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1477	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1477	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/50851	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/503827/100/0/threaded	Trust: 0.6
url:	http://www.aten.com/ip-kvm.htm	Trust: 0.3
url:	/archive/1/503827	Trust: 0.3

sources: VULHUB: VHN-38923 // BID: 35108 // JVNDB: JVNDB-2009-003378 // CNNVD: CNNVD-200905-310 // NVD: CVE-2009-1477

CREDITS

Jakob Lell jakob@cs.tu-berlin.de

Trust: 0.6

sources: CNNVD: CNNVD-200905-310

SOURCES

db:	VULHUB	id:	VHN-38923
db:	BID	id:	35108
db:	JVNDB	id:	JVNDB-2009-003378
db:	CNNVD	id:	CNNVD-200905-310
db:	NVD	id:	CVE-2009-1477

LAST UPDATE DATE

2025-04-10T23:05:08.871000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-38923	date:	2018-10-10T00:00:00
db:	BID	id:	35108	date:	2009-05-27T00:10:00
db:	JVNDB	id:	JVNDB-2009-003378	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200905-310	date:	2009-06-09T00:00:00
db:	NVD	id:	CVE-2009-1477	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-38923	date:	2009-05-27T00:00:00
db:	BID	id:	35108	date:	2009-05-26T00:00:00
db:	JVNDB	id:	JVNDB-2009-003378	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200905-310	date:	2009-05-27T00:00:00
db:	NVD	id:	CVE-2009-1477	date:	2009-05-27T16:30:01.827