VAR-200905-0261
Vulnerability from variot - Updated: 2023-12-18 12:31The Java client program for the ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 has a hardcoded AES encryption key, which makes it easier for man-in-the-middle attackers to (1) execute arbitrary Java code, or (2) gain access to machines connected to the switch, by hijacking a session. Multiple ATEN IP KVM switches are prone to multiple remote vulnerabilities and a weakness: - A security weakness may allow attackers to decrypt HTTP traffic. - A remote code-execution vulnerability is present. - A security vulnerability may allow attackers to gain access to the session key. - A security vulnerability may allow attackers to gain access to mouse events. - A security vulnerability may allow attackers to gain access to the session ID. Other attacks are also possible. IP KVM is a series of switch equipment developed by Taiwan Acer Technology Co., Ltd. The Java client executes arbitrary code. The Java client program connects to the kvm switch on port 9002 and then downloads and runs the new Java class. This connection is encrypted using AES, but the encryption key is hardcoded in the client program. An attacker acting as a man-in-the-middle can inject other Java classes, resulting in arbitrary Java code execution on the client machine
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200905-0261",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "kh1516i ip kvm switch",
"scope": "eq",
"trust": 1.6,
"vendor": "aten",
"version": "1.0.063"
},
{
"model": "kn9116 ip kvm switch",
"scope": "eq",
"trust": 1.6,
"vendor": "aten",
"version": "1.1.104"
},
{
"model": "kh1516i ip kvm switch",
"scope": "eq",
"trust": 0.8,
"vendor": "aten",
"version": "firmware 1.0.063 of java client"
},
{
"model": "kn9116 ip kvm switch",
"scope": "eq",
"trust": 0.8,
"vendor": "aten",
"version": "firmware 1.1.104 of java client"
},
{
"model": "ip kvm pn9108",
"scope": "eq",
"trust": 0.3,
"vendor": "aten",
"version": "0"
},
{
"model": "ip kvm kn9116",
"scope": "eq",
"trust": 0.3,
"vendor": "aten",
"version": "1.1.1.014"
},
{
"model": "ip kvm kh1516i",
"scope": "eq",
"trust": 0.3,
"vendor": "aten",
"version": "1.0.063"
}
],
"sources": [
{
"db": "BID",
"id": "35108"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-003374"
},
{
"db": "NVD",
"id": "CVE-2009-1472"
},
{
"db": "CNNVD",
"id": "CNNVD-200905-307"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:aten:kh1516i_ip_kvm_switch:1.0.063:-:java_client:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:aten:kn9116_ip_kvm_switch:1.1.104:-:java_client:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-1472"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jakob Lell jakob@cs.tu-berlin.de",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200905-307"
}
],
"trust": 0.6
},
"cve": "CVE-2009-1472",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2009-1472",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-38918",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2009-1472",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200905-307",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-38918",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-38918"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-003374"
},
{
"db": "NVD",
"id": "CVE-2009-1472"
},
{
"db": "CNNVD",
"id": "CNNVD-200905-307"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Java client program for the ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 has a hardcoded AES encryption key, which makes it easier for man-in-the-middle attackers to (1) execute arbitrary Java code, or (2) gain access to machines connected to the switch, by hijacking a session. Multiple ATEN IP KVM switches are prone to multiple remote vulnerabilities and a weakness:\n- A security weakness may allow attackers to decrypt HTTP traffic. \n- A remote code-execution vulnerability is present. \n- A security vulnerability may allow attackers to gain access to the session key. \n- A security vulnerability may allow attackers to gain access to mouse events. \n- A security vulnerability may allow attackers to gain access to the session ID. Other attacks are also possible. IP KVM is a series of switch equipment developed by Taiwan Acer Technology Co., Ltd. The Java client executes arbitrary code. The Java client program connects to the kvm switch on port 9002 and then downloads and runs the new Java class. This connection is encrypted using AES, but the encryption key is hardcoded in the client program. An attacker acting as a man-in-the-middle can inject other Java classes, resulting in arbitrary Java code execution on the client machine",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-1472"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-003374"
},
{
"db": "BID",
"id": "35108"
},
{
"db": "VULHUB",
"id": "VHN-38918"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-1472",
"trust": 2.8
},
{
"db": "BID",
"id": "35108",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2009-003374",
"trust": 0.8
},
{
"db": "BUGTRAQ",
"id": "20090526 MULTIPLE VULNERABILITIES IN SEVERAL ATEN IP KVM SWITCHES",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200905-307",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-38918",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-38918"
},
{
"db": "BID",
"id": "35108"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-003374"
},
{
"db": "NVD",
"id": "CVE-2009-1472"
},
{
"db": "CNNVD",
"id": "CNNVD-200905-307"
}
]
},
"id": "VAR-200905-0261",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-38918"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:31:46.082000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.aten.com/ip-kvm.htm"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-003374"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-38918"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-003374"
},
{
"db": "NVD",
"id": "CVE-2009-1472"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/35108"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/503827/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1472"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1472"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/503827/100/0/threaded"
},
{
"trust": 0.3,
"url": "http://www.aten.com/ip-kvm.htm"
},
{
"trust": 0.3,
"url": "/archive/1/503827"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-38918"
},
{
"db": "BID",
"id": "35108"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-003374"
},
{
"db": "NVD",
"id": "CVE-2009-1472"
},
{
"db": "CNNVD",
"id": "CNNVD-200905-307"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-38918"
},
{
"db": "BID",
"id": "35108"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-003374"
},
{
"db": "NVD",
"id": "CVE-2009-1472"
},
{
"db": "CNNVD",
"id": "CNNVD-200905-307"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-05-27T00:00:00",
"db": "VULHUB",
"id": "VHN-38918"
},
{
"date": "2009-05-26T00:00:00",
"db": "BID",
"id": "35108"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-003374"
},
{
"date": "2009-05-27T16:30:01.767000",
"db": "NVD",
"id": "CVE-2009-1472"
},
{
"date": "2009-05-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200905-307"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-38918"
},
{
"date": "2009-05-27T00:10:00",
"db": "BID",
"id": "35108"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-003374"
},
{
"date": "2018-10-10T19:37:03.377000",
"db": "NVD",
"id": "CVE-2009-1472"
},
{
"date": "2009-06-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200905-307"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200905-307"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ATEN KH1516i IP KVM Switch Java Vulnerability in a client program that gains access to the machine connected to the switch",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-003374"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200905-307"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…