CVE-2024-29964

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-29964
Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the server can read sensitive information from these files.

5.7 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://support.broadcom.com/external/content/SecurityAdvisories/0/23249 Vendor Advisory
https://support.broadcom.com/external/content/SecurityAdvisories/0/23249 Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:broadcom:brocade_sannav:*:*:*:*:*:*:*:*
History

04 Feb 2025, 15:47

Type Values Removed Values Added
CPE cpe:2.3:a:broadcom:brocade_sannav:*:*:*:*:*:*:*:*
First Time Broadcom brocade Sannav
Broadcom
References () https://support.broadcom.com/external/content/SecurityAdvisories/0/23249 - () https://support.broadcom.com/external/content/SecurityAdvisories/0/23249 - Vendor Advisory

21 Nov 2024, 09:08

Type Values Removed Values Added
References () https://support.broadcom.com/external/content/SecurityAdvisories/0/23249 - () https://support.broadcom.com/external/content/SecurityAdvisories/0/23249 -

18 Sep 2024, 23:15

Type Values Removed Values Added
CWE CWE-200 CWE-732
Summary (en)  Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the server can read sensitive information from these files. (en) Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the server can read sensitive information from these files.

26 Apr 2024, 00:15

Type Values Removed Values Added
Summary (en) Docker instances in Brocade SANnav before v2.3.1 and v2.3.0a have an insecure architecture and configuration that leads to multiple vulnerabilities. Docker daemons are exposed to the WAN interface, and other vulnerabilities allow total control over the Ova appliance. A Docker instance could access any other instances, and a few could access sensitive files. The vulnerability could allow a sudo privileged user on the underlying OS to access and modify these files. (en)  Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the server can read sensitive information from these files.
CVSS v2 : unknown
v3 : 4.9 		v2 : unknown
v3 : 5.7

19 Apr 2024, 13:10

Type Values Removed Values Added
Summary
  • (es) Las instancias de Docker en Brocade SANnav anteriores a v2.3.1 y v2.3.0a tienen una arquitectura y configuración inseguras que generan múltiples vulnerabilidades. Los demonios de Docker están expuestos a la interfaz WAN y otras vulnerabilidades permiten un control total sobre el dispositivo Ova. Una instancia de Docker podría acceder a cualquier otra instancia y algunas podrían acceder a archivos confidenciales. La vulnerabilidad podría permitir que un usuario con privilegios sudo en el sistema operativo subyacente acceda y modifique estos archivos.

19 Apr 2024, 05:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-04-19 05:15

Updated : 2025-02-04 15:47

NVD link : CVE-2024-29964

Mitre link : CVE-2024-29964

CVE.ORG link : CVE-2024-29964

JSON object : View

Products Affected

broadcom

  • brocade_sannav
CWE
CWE-732

Incorrect Permission Assignment for Critical Resource