CVE-2024-29957

Encryption key is stored in the DR log files

CVSS 7.5 HIGHEPSS 0.3%CWE-532

When Brocade SANnav before v2.3.1 and v2.3.0a servers are configured in Disaster Recovery mode, the encryption key is stored in the DR log files. This could provide attackers with an additional, less-protected path to acquiring the encryption key.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Brocade · Brocade SANnav

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://support.broadcom.com/external/content/SecurityAdvisories/0/23241