CVE-2024-10404

Clear text password seen in switch-asset-collectors-mw in Brocade SANnav supportsave

CVSS 5.5 MEDIUMEPSS 0.1%CWE-312

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 5.5EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

14 fev 2025Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

CalInvocationHandler in Brocade SANnav before 2.3.1b logs sensitive information in clear text. The vulnerability could allow an authenticated, local attacker to view Brocade Fabric OS switch sensitive information in clear text. An attacker with administrative privileges could retrieve sensitive information including passwords; SNMP responses that contain AuthSecret and PrivSecret after collecting a “supportsave” or getting access to an already collected “supportsave”. NOTE: this issue exists because of an incomplete fix for CVE-2024-29952

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N

Produtos afetados

Brocade · Brocade SANnav

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25403