CVE-2024-29954

{"id": "CVE-2024-29954", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "sirt@brocade.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 1.5}]}, "published": "2024-06-26T00:15:10.263", "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/23226", "tags": ["Vendor Advisory"], "source": "sirt@brocade.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-532"}]}, {"type": "Secondary", "source": "sirt@brocade.com", "description": [{"lang": "en", "value": "CWE-312"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. This could allow an authenticated user to view the server passwords for protocols such as scp and sftp.\n\nDetail.\nWhen the firmwaredownload command is incorrectly entered or points to an erroneous file, the firmware download log captures the failed command, including any password entered in the command line."}, {"lang": "es", "value": "Una vulnerabilidad en una API de administraci\u00f3n de contrase\u00f1as en las versiones de Brocade Fabric OS anteriores a v9.2.1, v9.2.0b, v9.1.1d y v8.2.3e imprime informaci\u00f3n confidencial en archivos de registro. Esto podr\u00eda permitir a un usuario autenticado ver las contrase\u00f1as del servidor para protocolos como scp y sftp. Detalle. Cuando el comando de descarga de firmware se ingresa incorrectamente o apunta a un archivo err\u00f3neo, el registro de descarga de firmware captura el comando fallido, incluida cualquier contrase\u00f1a ingresada en la l\u00ednea de comando."}], "lastModified": "2024-08-06T16:07:07.410", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E81DB5A7-856B-4D79-86FE-45D0EB6CA554", "versionEndExcluding": "8.2.3e"}, {"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8271BD31-8795-4D66-A088-B82EDE143FD2", "versionEndExcluding": "9.1.1d", "versionStartIncluding": "9.0.1"}, {"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64256C4C-AF75-4D8F-80C3-E4EF4AC0CC8E", "versionEndExcluding": "9.2.0b", "versionStartIncluding": "9.2.0"}], "operator": "OR"}]}], "sourceIdentifier": "sirt@brocade.com"}