mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-29 01:31:20 +00:00
102 lines
3.6 KiB
JSON
102 lines
3.6 KiB
JSON
{
|
|
"id": "CVE-2009-1473",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2009-05-27T16:30:01.797",
|
|
"lastModified": "2018-10-10T19:37:03.563",
|
|
"vulnStatus": "Modified",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "The (1) Windows and (2) Java client programs for the ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 do not properly use RSA cryptography for a symmetric session-key negotiation, which makes it easier for remote attackers to (a) decrypt network traffic, or (b) conduct man-in-the-middle attacks, by repeating unspecified \"client-side calculations.\""
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Los programas cliente (1) Windows and (2) Java para los switches ATEN KH1516i IP KVM con firmware 1.0.063 y KN9116 IP KVM con firmware 1.1.104 no usan de manera apropiada la criptograf\u00eda RSA en una negociaci\u00f3n de clave de sesi\u00f3n sim\u00e9trica, lo que facilita a atacantes remotos (a) desencriptar el tr\u00e1fico de red o (b) llevar a cabo ataques del tipo \"man in the middle (hombre en el medio)\", mediante la repetici\u00f3n de \"c\u00e1lculos en el lado del cliente\" no especificados."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "COMPLETE",
|
|
"integrityImpact": "COMPLETE",
|
|
"availabilityImpact": "COMPLETE",
|
|
"baseScore": 10.0
|
|
},
|
|
"baseSeverity": "HIGH",
|
|
"exploitabilityScore": 10.0,
|
|
"impactScore": 10.0,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-310"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:h:aten:kh1516i_ip_kvm_switch:1.0.063:-:java_client:*:*:*:*:*",
|
|
"matchCriteriaId": "50ACA9FF-A214-4911-B3EC-39B3950FA5E1"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:h:aten:kh1516i_ip_kvm_switch:1.0.063:-:windows_client:*:*:*:*:*",
|
|
"matchCriteriaId": "BBB7093D-2C92-43E5-9FCC-6455F2814307"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:h:aten:kn9116_ip_kvm_switch:1.1.104:-:java_client:*:*:*:*:*",
|
|
"matchCriteriaId": "43CC1042-AB83-4B46-984B-98D98D133DAA"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:h:aten:kn9116_ip_kvm_switch:1.1.104:-:windows_client:*:*:*:*:*",
|
|
"matchCriteriaId": "3111EE0D-155E-4031-9003-B9013BABEA76"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://www.securityfocus.com/archive/1/503827/100/0/threaded",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/35108",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50849",
|
|
"source": "cve@mitre.org"
|
|
}
|
|
]
|
|
} |