Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-8455

Опубликовано: 30 сент. 2024
Источник: nvd
CVSS3: 8.1
CVSS3: 5.9
EPSS Низкий

Описание

The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain switch models, the authentication tokens used during communication with this service are encoded user passwords. Due to insufficient strength, unauthorized remote attackers who intercept the packets can directly crack them to obtain plaintext passwords.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:planet:gs-4210-24p2s_firmware:*:*:*:*:*:*:*:*
Версия до 3.305b240802 (исключая)
cpe:2.3:h:planet:gs-4210-24p2s:3.0:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:o:planet:gs-4210-24pl4c_firmware:*:*:*:*:*:*:*:*
Версия до 2.305b240719 (исключая)
cpe:2.3:h:planet:gs-4210-24pl4c:2.0:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

cpe:2.3:o:planet:igs-5225-4up1t2s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:planet:igs-5225-4up1t2s:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 36%
0.00155
Низкий

8.1 High

CVSS3

5.9 Medium

CVSS3

Дефекты

CWE-261
CWE-326

Связанные уязвимости

github логотип

GHSA-j5f8-53mj-mghf

CVSS3: 8.1
github
больше 1 года назад

The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain switch models, the authentication tokens used during communication with this service are encoded user passwords. Due to insufficient strength, unauthorized remote attackers who intercept the packets can directly crack them to obtain plaintext passwords.

EPSS

Процентиль: 36%
0.00155
Низкий

8.1 High

CVSS3

5.9 Medium

CVSS3

Дефекты

CWE-261
CWE-326