CVE-2024-8455 – CVE-2024-8455 allows attackers to intercept aut... (How to Fix)

Q: What is the severity of CVE-2024-8455?

CVE-2024-8455 has a CVSS score of 8.1 (HIGH). CVE-2024-8455 allows attackers to intercept authentication tokens used by PLANET Technology's swctrl service and crack them to obtain plaintext passwords. This affects certain PLANET switch models that use weak encoding for authentication. Attackers can gain unauthorized access to network devices.

📋 TL;DR

CVE-2024-8455 allows attackers to intercept authentication tokens used by PLANET Technology's swctrl service and crack them to obtain plaintext passwords. This affects certain PLANET switch models that use weak encoding for authentication. Attackers can gain unauthorized access to network devices.

💻 Affected Systems

Products:

PLANET Technology switches with swctrl service

Versions: Specific models mentioned in TW-CERT advisories

Operating Systems: Embedded switch firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects specific switch models where swctrl service uses weak password encoding. Check TW-CERT references for exact models.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers gain administrative access to network switches, enabling network disruption, data interception, lateral movement, and persistent backdoor installation.

🟠

Likely Case

Unauthorized access to switch management interfaces leading to configuration changes, network monitoring, and credential harvesting.

🟢

If Mitigated

Limited impact if network segmentation isolates management interfaces and strong authentication controls are in place.

🌐 Internet-Facing: HIGH

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Requires packet interception capability but uses straightforward cryptographic attacks on weak encoding.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check PLANET Technology firmware updates

Vendor Advisory: https://www.twcert.org.tw/en/cp-139-8060-f3955-2.html

Restart Required: Yes

Instructions:

1. Check PLANET Technology website for firmware updates. 2. Download appropriate firmware for your switch model. 3. Backup current configuration. 4. Apply firmware update via web interface or CLI. 5. Verify service is updated and functioning.

🔧 Temporary Workarounds

Disable swctrl service

all

Disable the vulnerable service if not required for remote management

Check device documentation for service disable commands

Network segmentation

all

Isolate switch management interfaces from untrusted networks

🧯 If You Can't Patch

Implement strict network access controls to limit swctrl service exposure
Monitor network traffic for unauthorized access attempts to switch management interfaces

🔍 How to Verify

Check if Vulnerable:

Check if device uses swctrl service and verify firmware version against vulnerable models in TW-CERT advisories

Check Version:

show version (CLI) or check web interface system information

Verify Fix Applied:

Verify firmware has been updated to latest version and test authentication token strength

📡 Detection & Monitoring

Log Indicators:

Failed authentication attempts
Unauthorized configuration changes
Unusual swctrl service access

Network Indicators:

Unusual traffic to switch management ports
Packet capture showing swctrl protocol interception

SIEM Query:

source_ip=switch_management_interface AND (event_type=auth_failure OR protocol=swctrl)

📊 Metadata

CVE ID: CVE-2024-8455

CVSS v3 Score: 8.1 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-261

Published: September 30, 2024

Last Updated: October 4, 2024

🔗 References

https://www.twcert.org.tw/en/cp-139-8060-f3955-2.html Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-8059-bde5f-1.html Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-8455, you might also want to check these: