Lucene search

BrocadeVULNRICHMENT:CVE-2024-29961

HistoryApr 19, 2024 - 3:59 a.m.

CVE-2024-29961 supply-chain attack risk

2024-04-1903:59:25

CWE-200

brocade

github.com

brocade sannav

vulnerability

supply-chain attack

risk

gridgain.com

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

7.2 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

A vulnerability affects Brocade SANnav before v2.3.1 and v2.3.0a. It allows a Brocade SANnav service to send ping commands in the background at regular intervals to gridgain.com to check if updates are available for the Component. This could make an unauthenticated, remote attacker aware of the behavior and launch a supply-chain attack against a Brocade SANnav appliance.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "Brocade SANnav",
    "vendor": "Brocade",
    "versions": [
      {
        "status": "affected",
        "version": "before v2.3.1 and v2.3.0a"
      }
    ]
  }
]

References

support.broadcom.com/external/content/SecurityAdvisories/0/23246

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

7.2 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for VULNRICHMENT:CVE-2024-29961