A local attacker can recover backup files, restore them to a new malicious appliance, and retrieve the passwords of all the switches (CVE-2024-29965).

In Brocade SANnav before v2.3.1, and v2.3.0a, it is possible to back up the appliance from the web interface or the command line interface (“SSH”). The resulting backups are world-readable. A local attacker can recover backup files, restore them to a new malicious appliance, and retrieve the passwords of all the switches.

Note: The backup file contains several configuration files, including passwords, the entire database with the admin users, and the switches’ configuration.
An attacker with local access to the appliance can recover backup files and restore them to a new malicious appliance. The attacker can then do an air-gapped analysis by sniffing the malicious appliance’s network interface and retrieving the passwords of all the switches. Reverse engineering of the custom encryption mechanism can also retrieve the passwords.