CVE-2024-8451
moderate-risk
Published 2024-09-30
Certain switch models from PLANET Technology have an SSH service that improperly handles insufficiently authenticated connection requests, allowing unauthorized remote attackers to exploit this weakness to occupy connection slots and prevent legitimate users from accessing the SSH service.
Do I need to act?
-
0.86% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10
High
NETWORK
/ LOW complexity
Affected Products (2)
Gs-4210-24P2S Firmware
Gs-4210-24Pl4C Firmware
Affected Vendors
References (2)
Third Party Advisory
https://www.twcert.org.tw/en/cp-139-8052-ac0ea-2.html
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-8051-5048e-1.html
36
/ 100
moderate-risk
Severity
26/34 · High
Exploitability
3/34 · Minimal
Exposure
7/34 · Low