CVE-2024-29952

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow an authenticated user to print the Auth, Priv, and SSL key store passwords in unencrypted logs by manipulating command variables.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.broadcom.com/external/content/SecurityAdvisories/0/23238	Vendor Advisory
https://support.broadcom.com/external/content/SecurityAdvisories/0/23238	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:broadcom:brocade_sannav:*:*:*:*:*:*:*:*

History

04 Feb 2025, 16:02

Type	Values Removed	Values Added
References	~~() https://support.broadcom.com/external/content/SecurityAdvisories/0/23238 -~~	() https://support.broadcom.com/external/content/SecurityAdvisories/0/23238 - Vendor Advisory
CPE		cpe:2.3:a:broadcom:brocade_sannav::::::::
First Time		Broadcom brocade Sannav Broadcom

21 Nov 2024, 09:08

Type	Values Removed	Values Added
References	~~() https://support.broadcom.com/external/content/SecurityAdvisories/0/23238 -~~	() https://support.broadcom.com/external/content/SecurityAdvisories/0/23238 -

18 Apr 2024, 13:04

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad en Brocade SANnav anterior a v2.3.1 y v2.3.0a podría permitir que un usuario autenticado imprima las contraseñas del almacén de claves Auth, Priv y SSL en registros no cifrados manipulando variables de comando.

17 Apr 2024, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-17 22:15

Updated : 2025-02-04 16:02

NVD link : CVE-2024-29952

Mitre link : CVE-2024-29952

CVE.ORG link : CVE-2024-29952

JSON object : View

Products Affected

broadcom

brocade_sannav

CWE

CWE-312

Cleartext Storage of Sensitive Information

{"id": "CVE-2024-29952", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "sirt@brocade.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-04-17T22:15:08.080", "references": [{"url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/23238", "tags": ["Vendor Advisory"], "source": "sirt@brocade.com"}, {"url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/23238", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "sirt@brocade.com", "description": [{"lang": "en", "value": "CWE-312"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-312"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow an authenticated user to print the Auth, Priv, and SSL key store passwords in unencrypted logs by manipulating command variables.\n\n"}, {"lang": "es", "value": "Una vulnerabilidad en Brocade SANnav anterior a v2.3.1 y v2.3.0a podr\u00eda permitir que un usuario autenticado imprima las contrase\u00f1as del almac\u00e9n de claves Auth, Priv y SSL en registros no cifrados manipulando variables de comando."}], "lastModified": "2025-02-04T16:02:13.487", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:brocade_sannav:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "303EE152-4CED-4655-B035-CB3B91E5E288", "versionEndExcluding": "2.3.0a"}], "operator": "OR"}]}], "sourceIdentifier": "sirt@brocade.com"}