CVE-2024-8455 Information

Description

The swctrl service is used to detect and remotely manage PLANET Technology devices. For certain switch models the authentication tokens used during communication with this service are encoded user passwords. Due to insufficient strength unauthorized remote attackers who intercept the packets can directly crack them to obtain plaintext passwords.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://www.twcert.org.tw/tw/cp-132-8059-bde5f-1.html https://www.twcert.org.tw/en/cp-139-8060-f3955-2.html

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.1