CVE-2024-8454

Summary

The swctrl service is used to detect and remotely manage PLANET Technology devices. Certain switch models have a Denial-of-Service vulnerability in the swctrl service, allowing unauthenticated remote attackers to send crafted packets that can crash the service.

Affected Software

VendorProductVersion RangeStatus
PLANET TechnologyGS-4210-24PL4C hardware 2.00 < 2.305b240719affected
PLANET TechnologyGS-4210-24P2S hardware 3.00 < 3.305b240802affected
PLANET TechnologyIGS-5225-4UP1T2S hardware 1.00affected

Weaknesses

  • CWE-476: CWE-476 NULL Pointer Dereference
  • CWE-400: CWE-400 Uncontrolled Resource Consumption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References