Unauthorized SSH Connection Occupation Vulnerability in PLANET Technology Switch Models
CVE-2024-8451

7.5HIGH

Key Information:

Vendor: Planet Technology
Status: Gs-4210-24pl4c Hardware 2.0; Gs-4210-24p2s Hardware 3.0
Vendor: CVE Published:; 30 September 2024

🔔 Create Planet Technology Vulnerability Alert

What is CVE-2024-8451?

Certain models of network switches from PLANET Technology contain a vulnerability in their SSH service, which inadequately manages authentication for connection requests. This flaw could be exploited by unauthorized remote attackers, allowing them to occupy connection slots. As a result, legitimate users are hindered from accessing the SSH service, potentially disrupting operations and compromising network security.

Affected Version(s)

GS-4210-24P2S hardware 3.0 0 < 3.305b240802

GS-4210-24PL4C hardware 2.0 0 < 2.305b240719

References

https://www.twcert.org.tw/tw/cp-132-8051-5048e-1.html

third-party-advisory

https://www.twcert.org.tw/en/cp-139-8052-ac0ea-2.html

third-party-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 30, 2024
Vulnerability Reserved
Sep 5, 2024