CVE-2024-8455

Sažetak

The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain switch models, the authentication tokens used during communication with this service are encoded user passwords. Due to insufficient strength, unauthorized remote attackers who intercept the packets can directly crack them to obtain plaintext passwords.

Reference

https://www.twcert.org.tw/en/cp-139-8060-f3955-2.html
https://www.twcert.org.tw/tw/cp-132-8059-bde5f-1.html

CVSS

Base:	5.9
Impact:	3.6
Exploitability:	2.2

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Zadnje važnije ažuriranje

04-10-2024 - 14:45

Objavljeno

30-09-2024 - 08:15