CVE-2024-8452

Summary

Certain switch models from PLANET Technology only support obsolete algorithms for authentication protocol and encryption protocol in the SNMPv3 service, allowing attackers to obtain plaintext SNMPv3 credentials potentially.

Affected Software

VendorProductVersion RangeStatus
PLANET TechnologyGS-4210-24PL4C hardware 2.00 < 2.305b240719affected
PLANET TechnologyGS-4210-24P2S hardware 3.00 < 3.305b240802affected

Weaknesses

  • CWE-327: CWE-327 Use of a Broken or Risky Cryptographic Algorithm
  • CWE-328: CWE-328 Use of Weak Hash

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References