CVE-2024-5460

{"id": "CVE-2024-5460", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "sirt@brocade.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2024-06-26T00:15:11.093", "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24409", "source": "sirt@brocade.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "sirt@brocade.com", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the default configuration of the Simple Network \nManagement Protocol (SNMP) feature of Brocade Fabric OS versions before \nv9.0.0 could allow an authenticated, remote attacker to read data from \nan affected device via SNMP. The vulnerability is due to hard-coded, \ndefault community string in the configuration file for the SNMP daemon. \nAn attacker could exploit this vulnerability by using the static \ncommunity string in SNMP version 1 queries to an affected device."}], "lastModified": "2024-06-26T12:44:29.693", "sourceIdentifier": "sirt@brocade.com"}