CVE-2009-1472 : The Java client program for the ATEN KH1516i IP KVM switch with firmware 1.0.063

The Java client program for the ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 has a hardcoded AES encryption key, which makes it easier for man-in-the-middle attackers to (1) execute arbitrary Java code, or (2) gain access to machines connected to the switch, by hijacking a session.

Published 2009-05-27 16:30:02

Updated 2025-04-09 00:30:58

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2009-1472

Aten » Kh1516i Ip Kvm Switch » Version: 1.0.063 Java Client Edition
cpe:2.3:h:aten:kh1516i_ip_kvm_switch:1.0.063:-:java_client:*:*:*:*:*
Matching versions
Aten » Kn9116 Ip Kvm Switch » Version: 1.1.104 Java Client Edition
cpe:2.3:h:aten:kn9116_ip_kvm_switch:1.1.104:-:java_client:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2009-1472

EPSS FAQ

0.18%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 37 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2009-1472

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2009-1472

CWE-310

Assigned by: nvd@nist.gov (Primary)

References for CVE-2009-1472

Jump to

Vulnerability Details : CVE-2009-1472

Products affected by CVE-2009-1472

Exploit prediction scoring system (EPSS) score for CVE-2009-1472

CVSS scores for CVE-2009-1472

CWE ids for CVE-2009-1472

References for CVE-2009-1472