CVE-2024-8453
Published: 30 September 2024
Summary
CVE-2024-8453 is a medium-severity Use of Weak Hash (CWE-328) vulnerability in Planet Gs-4210-24P2S Firmware. Its CVSS base score is 4.9 (Medium).
Operationally, ranked at the 30.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-49187
Vulnerability details
Certain switch models from PLANET Technology use an insecure hashing function to hash user passwords without being salted. Remote attackers with administrator privileges can read configuration files to obtain the hash values, and potentially crack them to retrieve the plaintext…
more
passwords.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Security associations provide guidance on proper one-way hash usage including salting, reducing the chance of unsalted implementations.
Requires appropriate hash functions for cryptographic uses, preventing reliance on weak hashes.
Security updates supplant weak hashing algorithms with stronger alternatives before attackers can exploit the original weakness.