CVEブラウザに戻る

CVE-2009-1477

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1710%

EPSS Percentile15.75th

Published2009年5月27日

Last Modified2026年4月23日

Vulnerability Description

The https web interfaces on the ATEN KH1516i IP KVM switch with firmware 1.0.063, the KN9116 IP KVM switch with firmware 1.1.104, and the PN9108 power-control unit have a hardcoded SSL private key, which makes it easier for remote attackers to decrypt https sessions by extracting this key from their own switch and then sniffing network traffic to a switch owned by a different customer.

Affected Platforms (CPE)

🔌

Aten

Kh1516i Ip Kvm Switch

= 1.0.063

🔌

Aten

Kn9116 Ip Kvm Switch

= 1.1.104

🔌

Aten

Pn9108 Power Over The Net

All versions

References & Advisories

🔗 http://www.securityfocus.com/archive/1/503827/100/0/threaded

🔗 http://www.securityfocus.com/bid/35108

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/50851

🔗 http://www.securityfocus.com/archive/1/503827/100/0/threaded

🔗 http://www.securityfocus.com/bid/35108

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/50851

関連する脆弱性情報

CVE-2009-147210.0

The Java client program for the ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.10...

CVE-2009-147310.0

The (1) Windows and (2) Java client programs for the ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch...

CVE-2009-14747.6

The ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 do not (1) encrypt mouse e...

CVE-2009-227110.0

The Huawei D100 has (1) a certain default administrator password for the web interface, and does not force a password change; and ...