Lucene search

[email protected]CVE-2024-29967

HistoryApr 19, 2024 - 5:15 a.m.

CVE-2024-29967

2024-04-1905:15:49

CWE-276

[email protected]

web.nvd.nist.gov

brocade sannav

docker

insecure mount points

sensitive files

sudo privileged user

vulnerability

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

JSON

In Brocade SANnav before Brocade SANnav v2.31 and v2.3.0a, it was observed that Docker instances inside the appliance have insecure mount points, allowing reading and writing access to sensitive files. The vulnerability could allow a sudo privileged user on the host OS to read and write access to these files.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "Brocade SANnav",
    "vendor": "Brocade",
    "versions": [
      {
        "status": "affected",
        "version": " before Brocade SANnav v2.31 and v2.3.0a"
      }
    ]
  }
]

References

support.broadcom.com/external/content/SecurityAdvisories/0/23254

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for CVE-2024-29967

nvd1 broadcom1 vulnrichment1 cvelist1