CVE-2024-8454

The swctrl service is used to detect and remotely manage PLANET Technology devices. Certain switch models have a Denial-of-Service vulnerability in the swctrl service, allowing unauthenticated remote attackers to send crafted packets that can crash the service.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:planet:gs-4210-24p2s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:planet:gs-4210-24p2s:3.0:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:planet:gs-4210-24pl4c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:planet:gs-4210-24pl4c:2.0:*:*:*:*:*:*:*

History

04 Oct 2024, 15:11

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 5.3
v2 : unknown
v3 : 7.5
CPE cpe:2.3:h:planet:gs-4210-24pl4c:2.0:*:*:*:*:*:*:*
cpe:2.3:h:planet:gs-4210-24p2s:3.0:*:*:*:*:*:*:*
cpe:2.3:o:planet:gs-4210-24p2s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:planet:gs-4210-24pl4c_firmware:*:*:*:*:*:*:*:*
First Time Planet gs-4210-24pl4c Firmware
Planet gs-4210-24p2s
Planet gs-4210-24pl4c
Planet gs-4210-24p2s Firmware
Planet
References () https://www.twcert.org.tw/en/cp-139-8058-cc391-2.html - () https://www.twcert.org.tw/en/cp-139-8058-cc391-2.html - Third Party Advisory
References () https://www.twcert.org.tw/tw/cp-132-8057-1b3fa-1.html - () https://www.twcert.org.tw/tw/cp-132-8057-1b3fa-1.html - Third Party Advisory

30 Sep 2024, 12:45

Type Values Removed Values Added
Summary
  • (es) El servicio swctrl se utiliza para detectar y administrar de forma remota los dispositivos de PLANET Technology. Algunos modelos de conmutadores tienen una vulnerabilidad de denegación de servicio en el servicio swctrl, lo que permite que atacantes remotos no autenticados envíen paquetes manipulados que pueden hacer que el servicio se bloquee.

30 Sep 2024, 08:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-30 08:15

Updated : 2024-10-04 15:11


NVD link : CVE-2024-8454

Mitre link : CVE-2024-8454

CVE.ORG link : CVE-2024-8454


JSON object : View

Products Affected

planet

  • gs-4210-24pl4c
  • gs-4210-24p2s_firmware
  • gs-4210-24pl4c_firmware
  • gs-4210-24p2s
CWE
CWE-400

Uncontrolled Resource Consumption

CWE-476

NULL Pointer Dereference