Cyber Resilience

CVE-2024-8453

Medium

Published: 30 September 2024

Published
30 September 2024
Modified
04 October 2024
KEV Added
Patch
CVSS Score v3.1 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0012 30.4th percentile
Risk Priority 10 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-8453 is a medium-severity Use of Weak Hash (CWE-328) vulnerability in Planet Gs-4210-24P2S Firmware. Its CVSS base score is 4.9 (Medium).

Operationally, ranked at the 30.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Certain switch models from PLANET Technology use an insecure hashing function to hash user passwords without being salted. Remote attackers with administrator privileges can read configuration files to obtain the hash values, and potentially crack them to retrieve the plaintext…

more

passwords.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

planet
gs-4210-24p2s firmware
≤ 3.305b240802
planet
gs-4210-24pl4c firmware
≤ 2.305b240719

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-759

Security associations provide guidance on proper one-way hash usage including salting, reducing the chance of unsalted implementations.

addresses: CWE-328

Requires appropriate hash functions for cryptographic uses, preventing reliance on weak hashes.

addresses: CWE-328

Security updates supplant weak hashing algorithms with stronger alternatives before attackers can exploit the original weakness.

References