CVE-2009-4295

CWE-3103 documents3 sources
Severity
7.8HIGH
EPSS
0.4%
top 41.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SUN RAY Server Software
Timeline
PublishedDec 11
Latest updateMay 2

Description

Sun Ray Server Software 4.0 and 4.1 does not generate a unique DSA private key for the firmware on each Sun Ray 1, 1g, 100, and 150 DTU device, which makes it easier for remote attackers to obtain sensitive information by predicting a key and then using it to decrypt sniffed network traffic.

CVSS vector

AV:N/AC:L/C:C/I:N/A:NExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

NVDsun/ray4.0, 4.1+1

Patches

Patch: sunsolve.sun.comPatch: www.securityfocus.comPatch: sunsolve.sun.com

🔴Vulnerability Details

2
GHSA
GHSA-v37p-x44j-8r75: Sun Ray Server Software 42022-05-02
CVEList
CVE-2009-4295: Sun Ray Server Software 42009-12-11
CVE-2009-4295 (HIGH CVSS 7.8) | Sun Ray Server Software 4.0 and 4.1 | cvebase.io