CVE-2024-8455

Summary

CVE-2024-8455 is a vulnerability affecting the swctrl service used by PLANET Technology for device detection and remote management. This issue lies in the authentication tokens used during communication with the service, which are encoded user passwords. Due to insufficient strength, an unauthorized remote attacker who intercepts the packets can directly crack the tokens to obtain the plaintext passwords, posing a significant security risk. This vulnerability could potentially allow attackers to gain unauthorized access to affected devices, leading to potential data breaches and other malicious activities. It is recommended that organizations using PLANET Technology switches update their software to address this issue and implement strong password policies to mitigate potential threats.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.