← back
CVE-2024-29967

In Brocade SANnav before v2.31 and v2.3.0a, it was observed that Docker instances inside the appliance have insecure mount points

CVSS 4.4 MEDIUMEPSS 0.2%CWE-276
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.4EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
19 Apr 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In Brocade SANnav before Brocade SANnav v2.31 and v2.3.0a, it was observed that Docker instances inside the appliance have insecure mount points, allowing reading and writing access to sensitive files. The vulnerability could allow a sudo privileged user on the host OS to read and write access to these files.
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Affected products
Brocade · Brocade SANnav

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://support.broadcom.com/external/content/SecurityAdvisories/0/23254