JVN#07957080
Dominion KX2-101 vulnerable to denial-of-service (DoS)
Overview
Dominion KX2-101 provided by Raritan Japan, Inc. contains a denial-of-service (DoS) vulnerability.
Products Affected
- Dominion KX2-101
Description
Dominion KX2-101 provided by Raritan Japan, Inc. is a KVM-over-IP switch. Dominion KX2-101 contains a denial-of-service (DoS) vulnerability.
Impact
By receiving a specially crafted packet, the product may be forced to stop responding.
Solution
Upgrade to Dominion KX2-101 V2
The vulnerability has been addressed in Dominion KX2-101 V2.
Note that the developer is no longer selling and supporting Dominion KX2-101.
Vendor Status
Vendor | Link |
Raritan Japan, Inc. | Dominion KX II-101 V2 |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Analyzed on 2014.08.12 (CVSS Base Metrics)
Measures | Severity | Description | ||
---|---|---|---|---|
Access Vector(AV) | Local (L) | Adjacent Network (A) | Network (N) | A vulnerability exploitable with network access means the vulnerable software is bound to the network stack and the attacker does not require local network access or local access. Such a vulnerability is often termed "remotely exploitable". |
Access Complexity(AC) | High (H) | Medium (M) | Low (L) | Specialized access conditions or extenuating circumstances do not exist. |
Authentication(Au) | Multiple (M) | Single (S) | None (N) | Authentication is not required to exploit the vulnerability. |
Confidentiality Impact(C) | None (N) | Partial (P) | Complete (C) | There is no impact to the confidentiality of the system. |
Integrity Impact(I) | None (N) | Partial (P) | Complete (C) | There is no impact to the integrity of the system. |
Availability Impact(A) | None (N) | Partial (P) | Complete (C) | There is a total shutdown of the affected resource. |
Base Score:7.8
Credit
Yusuke Okano reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
JPCERT Alert | |
JPCERT Reports | |
CERT Advisory |
|
CPNI Advisory |
|
TRnotes |
|
CVE |
CVE-2014-3901 |
JVN iPedia |
JVNDB-2014-000097 |