Re: Multiple vulnerabilities in several ATEN IP KVM Switches

["Glenn Rossi" <dragon () midatlanticbb com>]

I emailed you last week but did not receive a response.

What about units like the CN5000 that do not appear anywhere on your 
website?  We have two of these and are very concerned about the below-
referenced vulnerability.

Will a firmware upgrade for these units be forthcoming as well, or do 
we now own hundreds of dollars worth of paperweights?



> This is Technical Support Team from ATEN.
>
> Firstly, we appreciate all suggestions from Germany TUB LAB.
> Undoubtedly, guaranteeing our KVM products with robust security
> mechanism is our responsibility. 
>
> After discussing with Germany TUB LAB, we believe all security issues
> could be fixed by new Firmware version as below. 
>
> - KH1508i/KH1516i v1.0.068 
> - KN9108/KN9116 v1.1.109 
> - PN9108 v1.8.179 
>
> Scheduled Release Date is around Aug. 17, 2009 
>
> Please visit our ATEN official site later.
> http://www.aten.com/download/download.php
>
> As for SSL Certificate, SSL Certificate import function has built into
> our KVM above with new firmware. We strongly suggest our KVM users to
> import their individual Certificate for advanced security concern. We
> will tell our KVM users how to generate their own Certificate by
> openssl tool in our product manual later. 
>
> Thanks,
> ATEN SUPPORT

--
Glenn Rossi
Operations/Security/Engineering
MidAtlantic BroadBand/Staffnet/Protel
------------------------------------------
voice:  (866) HELP-KIT ext 132

web:    http://www.midatlanticbb.com
email:  mailto:webmaster () midatlanticbb com
fax:    (410) 727-8245
handle: dragon
------------------------------------------
MidAtlantic BroadBand
729 East Pratt St., Suite 440
Baltimore, MD USA 21202
------------------------------------------
Without security, freedom is not possible.
------------------------------------------