CVE-2024-8449

CVSS 3.1 Score 6.8 of 10 (medium)

Details

Published: Sep 30, 2024
Updated: Oct 4, 2024
CWE ID 798

Summary

CVE-2024-8449 is a recently disclosed vulnerability affecting select switch models from PLANET Technology. The password recovery functionality contains a hard-coded credential, which enables unauthenticated attackers to gain access to the device via the serial console. Once connected, adversaries can exploit this vulnerability to reset any user's password, potentially compromising network security. The hard-coded credential poses a significant risk because it bypasses the standard authentication process, allowing malicious actors to gain unrestricted access to the affected devices. Organizations using these switch models are advised to apply the available patches or updates as soon as possible to mitigate this security concern.
