Lucene search

BrocadeCVELIST:CVE-2024-5460

HistoryJun 25, 2024 - 11:58 p.m.

CVE-2024-5460 Brocade Fabric OS versions prior to v9.0 have default community strings

2024-06-2523:58:10

CWE-798

brocade

www.cve.org

cve-2024-5460

brocade fabric os

snmp

default configuration

remote attack

hard-coded

configuration file

authentication

vulnerability

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS

Percentile

9.1%

JSON

A vulnerability in the default configuration of the Simple Network
Management Protocol (SNMP) feature of Brocade Fabric OS versions before
v9.0.0 could allow an authenticated, remote attacker to read data from
an affected device via SNMP. The vulnerability is due to hard-coded,
default community string in the configuration file for the SNMP daemon.
An attacker could exploit this vulnerability by using the static
community string in SNMP version 1 queries to an affected device.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "Fabric OS",
    "vendor": "Brocade",
    "versions": [
      {
        "status": "affected",
        "version": "prior to v9.0.0"
      }
    ]
  }
]

References

support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24409

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS

Percentile

9.1%

JSON

Related for CVELIST:CVE-2024-5460