CVE-2024-8453
low-risk
Published 2024-09-30
Certain switch models from PLANET Technology use an insecure hashing function to hash user passwords without being salted. Remote attackers with administrator privileges can read configuration files to obtain the hash values, and potentially crack them to retrieve the plaintext passwords.
Do I need to act?
-
0.12% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.9/10
Medium
NETWORK
/ LOW complexity
Affected Products (2)
Gs-4210-24P2S Firmware
Gs-4210-24Pl4C Firmware
Affected Vendors
References (2)
Third Party Advisory
https://www.twcert.org.tw/en/cp-139-8056-09688-2.html
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-8055-2c361-1.html
28
/ 100
low-risk
Severity
20/34 · Moderate
Exploitability
1/34 · Minimal
Exposure
7/34 · Low