CVE-2024-10404

Clear text password seen in switch-asset-collectors-mw in Brocade SANnav supportsave

CVSS 5.5 MEDIUMEPSS 0.1%CWE-312

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 5.5EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

14 feb 2025Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

CalInvocationHandler in Brocade SANnav before 2.3.1b logs sensitive information in clear text. The vulnerability could allow an authenticated, local attacker to view Brocade Fabric OS switch sensitive information in clear text. An attacker with administrative privileges could retrieve sensitive information including passwords; SNMP responses that contain AuthSecret and PrivSecret after collecting a “supportsave” or getting access to an already collected “supportsave”. NOTE: this issue exists because of an incomplete fix for CVE-2024-29952

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N

Productos afectados

Brocade · Brocade SANnav

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25403