| Vulnerability Name: | CVE-2009-4295 (CCN-54691) | ||||||||
| Assigned: | 2009-12-09 | ||||||||
| Published: | 2009-12-09 | ||||||||
| Updated: | 2009-12-14 | ||||||||
| Summary: | Sun Ray Server Software 4.0 and 4.1 does not generate a unique DSA private key for the firmware on each Sun Ray 1, 1g, 100, and 150 DTU device, which makes it easier for remote attackers to obtain sensitive information by predicting a key and then using it to decrypt sniffed network traffic. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N) 5.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N/E:U/RL:OF/RC:C)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-310 | ||||||||
| Vulnerability Consequences: | Other | ||||||||
| References: | Source: MITRE Type: CNA CVE-2009-4295 Source: CCN Type: SA37627 Sun Ray Server Software Multiple Vulnerabilities Source: CONFIRM Type: Patch http://sunsolve.sun.com/search/document.do?assetkey=1-21-127553-07-1 Source: CCN Type: Sun Alert ID: 270549 A Security Vulnerability in the Generation of Encryption Keys for Sun Ray Firmware Source: SUNALERT Type: Vendor Advisory 270549 Source: CCN Type: OSVDB ID: 60904 Sun Ray Server Software Firmware Encryption Key Weakness Information Disclosure Source: BID Type: Patch 37285 Source: CCN Type: BID-37285 Sun Ray Server Firmware Insecure Key Generation Vulnerability Source: VUPEN Type: Vendor Advisory ADV-2009-3477 Source: XF Type: UNKNOWN sun-ray-keys-weak-security(54691) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||