CVE-2024-8452

Certain switch models from PLANET Technology only support obsolete algorithms for authentication protocol and encryption protocol in the SNMPv3 service, allowing attackers to obtain plaintext SNMPv3 credentials potentially.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:planet:gs-4210-24p2s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:planet:gs-4210-24p2s:3.0:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:planet:gs-4210-24pl4c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:planet:gs-4210-24pl4c:2.0:*:*:*:*:*:*:*

History

04 Oct 2024, 15:10

Type Values Removed Values Added
References () https://www.twcert.org.tw/en/cp-139-8054-231ad-2.html - () https://www.twcert.org.tw/en/cp-139-8054-231ad-2.html - Third Party Advisory
References () https://www.twcert.org.tw/tw/cp-132-8053-274bd-1.html - () https://www.twcert.org.tw/tw/cp-132-8053-274bd-1.html - Third Party Advisory
First Time Planet gs-4210-24pl4c Firmware
Planet gs-4210-24p2s
Planet gs-4210-24pl4c
Planet gs-4210-24p2s Firmware
Planet
CPE cpe:2.3:h:planet:gs-4210-24pl4c:2.0:*:*:*:*:*:*:*
cpe:2.3:h:planet:gs-4210-24p2s:3.0:*:*:*:*:*:*:*
cpe:2.3:o:planet:gs-4210-24p2s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:planet:gs-4210-24pl4c_firmware:*:*:*:*:*:*:*:*

30 Sep 2024, 12:45

Type Values Removed Values Added
Summary
  • (es) Ciertos modelos de conmutadores de PLANET Technology solo admiten algoritmos obsoletos para el protocolo de autenticación y el protocolo de cifrado en el servicio SNMPv3, lo que permite a los atacantes obtener potencialmente credenciales SNMPv3 en texto plano.

30 Sep 2024, 07:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-30 07:15

Updated : 2024-10-04 15:10


NVD link : CVE-2024-8452

Mitre link : CVE-2024-8452

CVE.ORG link : CVE-2024-8452


JSON object : View

Products Affected

planet

  • gs-4210-24pl4c
  • gs-4210-24p2s_firmware
  • gs-4210-24pl4c_firmware
  • gs-4210-24p2s
CWE
CWE-327

Use of a Broken or Risky Cryptographic Algorithm

CWE-328

Use of Weak Hash