CVE-2024-29956

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the Brocade SANnav password in clear text in supportsave logs when a user schedules a switch Supportsave from Brocade SANnav.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.broadcom.com/external/content/SecurityAdvisories/0/23240	Vendor Advisory
https://support.broadcom.com/external/content/SecurityAdvisories/0/23240	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:broadcom:brocade_sannav:*:*:*:*:*:*:*:*

History

04 Feb 2025, 15:58

Type	Values Removed	Values Added
First Time		Broadcom brocade Sannav Broadcom
CPE		cpe:2.3:a:broadcom:brocade_sannav::::::::
References	~~() https://support.broadcom.com/external/content/SecurityAdvisories/0/23240 -~~	() https://support.broadcom.com/external/content/SecurityAdvisories/0/23240 - Vendor Advisory

21 Nov 2024, 09:08

Type	Values Removed	Values Added
References	~~() https://support.broadcom.com/external/content/SecurityAdvisories/0/23240 -~~	() https://support.broadcom.com/external/content/SecurityAdvisories/0/23240 -

18 Apr 2024, 13:04

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad en Brocade SANnav anterior a v2.3.1 y v2.3.0a imprime la contraseña de Brocade SANnav en texto plano en los registros de guardado de soporte cuando un usuario programa un cambio de guardado de soporte desde Brocade SANnav.

18 Apr 2024, 02:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-18 02:15

Updated : 2025-02-04 15:58

NVD link : CVE-2024-29956

Mitre link : CVE-2024-29956

CVE.ORG link : CVE-2024-29956

JSON object : View

Products Affected

broadcom

brocade_sannav

CWE

CWE-312

Cleartext Storage of Sensitive Information

{"id": "CVE-2024-29956", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "sirt@brocade.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-04-18T02:15:06.797", "references": [{"url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/23240", "tags": ["Vendor Advisory"], "source": "sirt@brocade.com"}, {"url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/23240", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "sirt@brocade.com", "description": [{"lang": "en", "value": "CWE-312"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-312"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the Brocade SANnav password in clear text in supportsave logs when a user schedules a switch Supportsave from Brocade SANnav.\n\n"}, {"lang": "es", "value": "Una vulnerabilidad en Brocade SANnav anterior a v2.3.1 y v2.3.0a imprime la contrase\u00f1a de Brocade SANnav en texto plano en los registros de guardado de soporte cuando un usuario programa un cambio de guardado de soporte desde Brocade SANnav."}], "lastModified": "2025-02-04T15:58:26.297", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:brocade_sannav:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "303EE152-4CED-4655-B035-CB3B91E5E288", "versionEndExcluding": "2.3.0a"}], "operator": "OR"}]}], "sourceIdentifier": "sirt@brocade.com"}