Lucene search

BrocadeCVE-2024-5460

HistoryJun 26, 2024 - 12:15 a.m.

CVE-2024-5460

2024-06-2600:15:11

CWE-798

brocade

web.nvd.nist.gov

brocade fabric os

snmp

vulnerability

remote attacker

hard-coded community string

snmp version 1

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

Confidence

High

EPSS

Percentile

9.1%

JSON

A vulnerability in the default configuration of the Simple Network
Management Protocol (SNMP) feature of Brocade Fabric OS versions before
v9.0.0 could allow an authenticated, remote attacker to read data from
an affected device via SNMP. The vulnerability is due to hard-coded,
default community string in the configuration file for the SNMP daemon.
An attacker could exploit this vulnerability by using the static
community string in SNMP version 1 queries to an affected device.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "Fabric OS",
    "vendor": "Brocade",
    "versions": [
      {
        "status": "affected",
        "version": "prior to v9.0.0"
      }
    ]
  }
]

References

support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24409

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

Confidence

High

EPSS

Percentile

9.1%

JSON

Related for CVE-2024-5460