{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-8459", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "state": "PUBLISHED", "assignerShortName": "twcert", "dateReserved": "2024-09-05T02:53:12.647Z", "datePublished": "2024-09-30T07:59:27.614Z", "dateUpdated": "2024-09-30T16:13:57.982Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "GS-4210-24PL4C hardware 2.0", "vendor": "PLANET Technology", "versions": [{"lessThan": "2.305b240719", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "GS-4210-24P2S hardware 3.0", "vendor": "PLANET Technology", "versions": [{"lessThan": "3.305b240802", "status": "affected", "version": "0", "versionType": "custom"}]}], "datePublic": "2024-09-30T07:54:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">Certain switch models from PLANET Technology store SNMPv3 users' passwords in plaintext within the configuration files, allowing remote attackers with administrator privileges to read the file and obtain the credentials.</span>\n\n</span>"}], "value": "Certain switch models from PLANET Technology store SNMPv3 users' passwords in plaintext within the configuration files, allowing remote attackers with administrator privileges to read the file and obtain the credentials."}], "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "CAPEC-37 Retrieve Embedded Sensitive Data"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-312", "description": "CWE-312 Cleartext Storage of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2024-09-30T07:59:27.614Z"}, "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-8067-2fc50-1.html"}, {"url": "https://www.twcert.org.tw/en/cp-139-8068-8aaa5-2.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Update firmware of GS-4210-24PL4C hardware 2.0 to version 2.305b240719 or later.</span><br><span style=\"background-color: rgb(255, 255, 255);\">Update firmware of GS-4210-24P2S hardware 3.0 to version 3.305b240802 or later.</span>\n\n<br>"}], "value": "Update firmware of GS-4210-24PL4C hardware 2.0 to version 2.305b240719 or later.\nUpdate firmware of GS-4210-24P2S hardware 3.0 to version 3.305b240802 or later."}], "source": {"advisory": "TVN-202409015", "discovery": "EXTERNAL"}, "title": "PLANET Technology switch devices - Cleartext storage of SNMPv3 users' passwords", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "planet_technology_corp", "product": "gs-4210-24pl4c_hardware_2.0", "cpes": ["cpe:2.3:a:planet_technology_corp:gs-4210-24pl4c_hardware_2.0:*:*:*:*:*:*:*:*"], "defaultStatus": "affected", "versions": [{"version": "0", "status": "unknown", "lessThan": "2.305b240719", "versionType": "custom"}]}, {"vendor": "planet_technology_corp", "product": "gs-4210-24pl4c_hardware_3.0", "cpes": ["cpe:2.3:a:planet_technology_corp:gs-4210-24pl4c_hardware_3.0:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.305b240802", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-30T16:09:15.112796Z", "id": "CVE-2024-8459", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-30T16:13:57.982Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-8459", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-30T16:09:15.112796Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:planet_technology_corp:gs-4210-24pl4c_hardware_2.0:*:*:*:*:*:*:*:*"], "vendor": "planet_technology_corp", "product": "gs-4210-24pl4c_hardware_2.0", "versions": [{"status": "unknown", "version": "0", "lessThan": "2.305b240719", "versionType": "custom"}], "defaultStatus": "affected"}, {"cpes": ["cpe:2.3:a:planet_technology_corp:gs-4210-24pl4c_hardware_3.0:*:*:*:*:*:*:*:*"], "vendor": "planet_technology_corp", "product": "gs-4210-24pl4c_hardware_3.0", "versions": [{"status": "affected", "version": "0", "lessThan": "3.305b240802", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-30T16:13:48.359Z"}}], "cna": {"title": "PLANET Technology switch devices - Cleartext storage of SNMPv3 users' passwords", "source": {"advisory": "TVN-202409015", "discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "CAPEC-37 Retrieve Embedded Sensitive Data"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "PLANET Technology", "product": "GS-4210-24PL4C hardware 2.0", "versions": [{"status": "affected", "version": "0", "lessThan": "2.305b240719", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "PLANET Technology", "product": "GS-4210-24P2S hardware 3.0", "versions": [{"status": "affected", "version": "0", "lessThan": "3.305b240802", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update firmware of GS-4210-24PL4C hardware 2.0 to version 2.305b240719 or later.\nUpdate firmware of GS-4210-24P2S hardware 3.0 to version 3.305b240802 or later.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Update firmware of GS-4210-24PL4C hardware 2.0 to version 2.305b240719 or later.</span><br><span style=\"background-color: rgb(255, 255, 255);\">Update firmware of GS-4210-24P2S hardware 3.0 to version 3.305b240802 or later.</span>\n\n<br>", "base64": false}]}], "datePublic": "2024-09-30T07:54:00.000Z", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-8067-2fc50-1.html"}, {"url": "https://www.twcert.org.tw/en/cp-139-8068-8aaa5-2.html"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Certain switch models from PLANET Technology store SNMPv3 users' passwords in plaintext within the configuration files, allowing remote attackers with administrator privileges to read the file and obtain the credentials.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">Certain switch models from PLANET Technology store SNMPv3 users' passwords in plaintext within the configuration files, allowing remote attackers with administrator privileges to read the file and obtain the credentials.</span>\n\n</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-312", "description": "CWE-312 Cleartext Storage of Sensitive Information"}]}], "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2024-09-30T07:59:27.614Z"}}}, "cveMetadata": {"cveId": "CVE-2024-8459", "state": "PUBLISHED", "dateUpdated": "2024-09-30T16:13:57.982Z", "dateReserved": "2024-09-05T02:53:12.647Z", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "datePublished": "2024-09-30T07:59:27.614Z", "assignerShortName": "twcert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:planet:gs-4210-24p2s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "89C0B4AA-848F-4AAC-8C51-8C10AEF0630A", "versionEndExcluding": "3.305b240802", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:planet:gs-4210-24p2s:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "2A30964B-E6B8-4B8A-BE2E-882C0F3D8298", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:planet:gs-4210-24pl4c_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E17E272-4418-4CE7-8E59-44953D19D659", "versionEndExcluding": "2.305b240719", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:planet:gs-4210-24pl4c:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "F8029517-8FAB-4130-81F3-98BB09F4814E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Certain switch models from PLANET Technology store SNMPv3 users' passwords in plaintext within the configuration files, allowing remote attackers with administrator privileges to read the file and obtain the credentials."}, {"lang": "es", "value": "Ciertos modelos de conmutadores de PLANET Technology almacenan las contrase\u00f1as de los usuarios de SNMPv3 en texto plano dentro de los archivos de configuraci\u00f3n, lo que permite a atacantes remotos con privilegios de administrador leer el archivo y obtener las credenciales."}], "id": "CVE-2024-8459", "lastModified": "2024-10-04T14:42:35.297", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "twcert@cert.org.tw", "type": "Secondary"}]}, "published": "2024-09-30T08:15:05.460", "references": [{"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/en/cp-139-8068-8aaa5-2.html"}, {"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-8067-2fc50-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-312"}], "source": "twcert@cert.org.tw", "type": "Primary"}]}

{}