Lucene search

BrocadeVULNRICHMENT:CVE-2024-29957

HistoryApr 19, 2024 - 3:11 a.m.

CVE-2024-29957 Encryption key is stored in the DR log files

2024-04-1903:11:25

CWE-532

brocade

github.com

dr log files

brocade sannav

encryption key

disaster recovery mode

security risk

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

Percentile

9.0%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

When Brocade SANnav before v2.3.1 and v2.3.0a servers are configured in Disaster Recovery mode, the encryption key is stored in the DR log files. This could provide attackers with an additional, less-protected path to acquiring the encryption key.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:brocade:sannav:*:*:*:*:*:*:*:*"
    ],
    "vendor": "brocade",
    "product": "sannav",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "2.3.0a",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

support.broadcom.com/external/content/SecurityAdvisories/0/23241

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

Percentile

9.0%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-29957