HIGH🇬🇧 English

CVE-2024-8455

CVSS 8.1v3.1pub. 2024-09-30upd. 2024-10-04

The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain switch models, the authentication tokens used during communication with this service are encoded user passwords. Due to insufficient strength, unauthorized remote attackers who intercept the packets can directly crack them to obtain plaintext passwords.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Planet Gs 4210 24p2s

    HW
    Planet
    3.0
  • Planet Gs 4210 24p2s Firmware

    OS
    Planet
    < 3.305b240802
  • Planet Gs 4210 24pl4c

    HW
    Planet
    2.0
  • Planet Gs 4210 24pl4c Firmware

    OS
    Planet
    < 2.305b240719
  • Planet Igs 5225 4up1t2s

    HW
    Planet
    1.0
  • Planet Igs 5225 4up1t2s Firmware

    OS
    Planet
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2024-8456CRITICAL9.8PL ✓ten sam produkt

Brak kontroli dostępu w firmware PLANET GS-4210 — przejęcie pełnej kontroli

CVE-2024-8450HIGH8.6ten sam produkt

Certain switch models from PLANET Technology have a Hard-coded community string in the SNMPv1 service, allowin...

CVE-2024-8451HIGH7.5ten sam produkt

Certain switch models from PLANET Technology have an SSH service that improperly handles insufficiently authen...

CVE-2024-8452HIGH7.5ten sam produkt

Certain switch models from PLANET Technology only support obsolete algorithms for authentication protocol and ...

CVE-2024-8448HIGH8.8ten sam produkt

Certain switch models from PLANET Technology have a hard-coded credential in the specific command-line interfa...