SecuriTricks - CVE-2024-8451

Description

Certain switch models from PLANET Technology have an SSH service that improperly handles insufficiently authenticated connection requests, allowing unauthorized remote attackers to exploit this weakness to occupy connection slots and prevent legitimate users from accessing the SSH service.

Product(s) Impacted

Vendor	Product	Versions
Planet	Gs-4210-24p2s Firmware Gs-4210-24p2s Gs-4210-24pl4c Firmware Gs-4210-24pl4c	* 3.0 * 2.0

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-280

Improper Handling of Insufficient Permissions or Privileges

The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
o	planet	gs-4210-24p2s_firmware	/	/	/	/	/	/	/	/
h	planet	gs-4210-24p2s	3.0	/	/	/	/	/	/	/
o	planet	gs-4210-24pl4c_firmware	/	/	/	/	/	/	/	/
h	planet	gs-4210-24pl4c	2.0	/	/	/	/	/	/	/

References

https://www.twcert.org.tw/en/cp-139-8052-ac0ea-2.html

https://www.twcert.org.tw/tw/cp-132-8051-5048e-1.html

CVSS Score

7.5 / 10

CVSS Data - 3.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

View Vector String

Timeline

Published: Sept. 30, 2024, 7:15 a.m.
Last Modified: Oct. 4, 2024, 3:09 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

twcert@cert.org.tw

CVE-2024-8451