[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Multiple vulnerabilities in several ATEN IP KVM Switches

I emailed you last week but did not receive a response.

What about units like the CN5000 that do not appear anywhere on your 
website?  We have two of these and are very concerned about the below-
referenced vulnerability.

Will a firmware upgrade for these units be forthcoming as well, or do 
we now own hundreds of dollars worth of paperweights?



> This is Technical Support Team from ATEN.
> 
> Firstly, we appreciate all suggestions from Germany TUB LAB.
> Undoubtedly, guaranteeing our KVM products with robust security
> mechanism is our responsibility. 
> 
> After discussing with Germany TUB LAB, we believe all security issues
> could be fixed by new Firmware version as below. 
> 
> - KH1508i/KH1516i v1.0.068 
> - KN9108/KN9116 v1.1.109 
> - PN9108 v1.8.179 
> 
> Scheduled Release Date is around Aug. 17, 2009 
> 
> Please visit our ATEN official site later.
> http://www.aten.com/download/download.php
> 
> As for SSL Certificate, SSL Certificate import function has built into
> our KVM above with new firmware. We strongly suggest our KVM users to
> import their individual Certificate for advanced security concern. We
> will tell our KVM users how to generate their own Certificate by
> openssl tool in our product manual later. 
> 
> Thanks,
> ATEN SUPPORT

--
Glenn Rossi
Operations/Security/Engineering
MidAtlantic BroadBand/Staffnet/Protel
------------------------------------------
voice:  (866) HELP-KIT ext 132

web:    http://www.midatlanticbb.com
email:  mailto:webmaster@xxxxxxxxxxxxxxxxx
fax:    (410) 727-8245
handle: dragon
------------------------------------------
MidAtlantic BroadBand
729 East Pratt St., Suite 440
Baltimore, MD USA 21202
------------------------------------------
Without security, freedom is not possible.
------------------------------------------