Lucene search

[email protected]CVE-2024-29958

HistoryApr 19, 2024 - 4:15 a.m.

CVE-2024-29958

2024-04-1904:15:09

CWE-532

[email protected]

web.nvd.nist.gov

brocade sannav

vulnerability

encryption key

exposure

privileged user

script execution

management portal

standby node

attackers

less protected

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.2%

JSON

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the encryption key in the console when a privileged user executes the script to replace the Brocade SANnav Management Portal standby node. This could provide attackers an additional, less protected path to acquiring the encryption key.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "Brocade SANnav",
    "vendor": "Brocade",
    "versions": [
      {
        "status": "affected",
        "version": "before v2.3.1 and v2.3.0a"
      }
    ]
  }
]

References

support.broadcom.com/external/content/SecurityAdvisories/0/23242

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.2%

JSON

Related for CVE-2024-29958

nvd1 vulnrichment1 broadcom1 cvelist1