mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 17:21:36 +00:00
128 lines
3.7 KiB
JSON
128 lines
3.7 KiB
JSON
{
|
|
"id": "CVE-2024-8456",
|
|
"sourceIdentifier": "twcert@cert.org.tw",
|
|
"published": "2024-09-30T08:15:04.797",
|
|
"lastModified": "2024-10-04T14:45:39.920",
|
|
"vulnStatus": "Analyzed",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Certain switch models from PLANET Technology lack proper access control in firmware upload and download functionality, allowing unauthenticated remote attackers to download and upload firmware and system configurations, ultimately gaining full control of the devices."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Ciertos modelos de conmutadores de PLANET Technology carecen de un control de acceso adecuado en la funcionalidad de carga y descarga de firmware, lo que permite que atacantes remotos no autenticados descarguen y carguen firmware y configuraciones del sistema, obteniendo en \u00faltima instancia el control total de los dispositivos."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "twcert@cert.org.tw",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 9.8,
|
|
"baseSeverity": "CRITICAL"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 5.9
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "twcert@cert.org.tw",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-306"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:planet:gs-4210-24p2s_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "3.305b240802",
|
|
"matchCriteriaId": "89C0B4AA-848F-4AAC-8C51-8C10AEF0630A"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:planet:gs-4210-24p2s:3.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2A30964B-E6B8-4B8A-BE2E-882C0F3D8298"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:planet:gs-4210-24pl4c_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "2.305b240719",
|
|
"matchCriteriaId": "0E17E272-4418-4CE7-8E59-44953D19D659"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:planet:gs-4210-24pl4c:2.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F8029517-8FAB-4130-81F3-98BB09F4814E"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://www.twcert.org.tw/en/cp-139-8062-92f17-2.html",
|
|
"source": "twcert@cert.org.tw",
|
|
"tags": [
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://www.twcert.org.tw/tw/cp-132-8061-91872-1.html",
|
|
"source": "twcert@cert.org.tw",
|
|
"tags": [
|
|
"Third Party Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |