Vulnerabilities > CVE-2024-8451 - Improper Handling of Insufficient Permissions or Privileges vulnerability in Planet Gs-4210-24P2S Firmware and Gs-4210-24Pl4C Firmware

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

planet

CWE-280

NVD

Published: 2024-09-30

Updated: 2024-10-04

Summary

Certain switch models from PLANET Technology have an SSH service that improperly handles insufficiently authenticated connection requests, allowing unauthorized remote attackers to exploit this weakness to occupy connection slots and prevent legitimate users from accessing the SSH service.

Vulnerable Configurations

Part	Description	Count
OS	Planet Planet GS 4210 24P2S Firmware * Planet GS 4210 24Pl4C Firmware *	2
Hardware	Planet Planet GS 4210 24P2S 3.0 Planet GS 4210 24Pl4C 2.0	2

Common Weakness Enumeration (CWE)

CWE-280 - Improper Handling of Insufficient Permissions or Privileges

References

https://www.twcert.org.tw/tw/cp-132-8051-5048e-1.html
https://www.twcert.org.tw/en/cp-139-8052-ac0ea-2.html