Lucene search

BrocadeVULNRICHMENT:CVE-2024-29955

HistoryApr 17, 2024 - 10:11 p.m.

CVE-2024-29955 Insertion of Sensitive Information into Brocade SANnav Log File

2024-04-1722:11:51

CWE-532

brocade

github.com

brocade sannav

vulnerability

privileged user

encrypted key

postgresql

acquiring

encryption

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

AI Score

6.7

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow a privileged user to print the SANnav encrypted key in PostgreSQL startup logs.
This could provide attackers with an additional, less-protected path to acquiring the encryption key.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:brocade:sannav:*:*:*:*:*:*:*:*"
    ],
    "vendor": "brocade",
    "product": "sannav",
    "versions": [
      {
        "status": "affected",
        "version": "*2.3.1"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

support.broadcom.com/external/content/SecurityAdvisories/0/23239

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

AI Score

6.7

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-29955