CVE-2024-29952

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

A

vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow an authenticated user to print the Auth, Priv, and SSL key store passwords in unencrypted logs by manipulating command variables.

References

Link	Resource
https://support.broadcom.com/external/content/SecurityAdvisories/0/23238	Vendor Advisory
https://support.broadcom.com/external/content/SecurityAdvisories/0/23238	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:broadcom:brocade_sannav:*:*:*:*:*:*:*:*

History

04 Feb 2025, 16:02

Type	Values Removed	Values Added
CPE		cpe:2.3:a:broadcom:brocade_sannav::::::::
First Time		Broadcom Broadcom brocade Sannav
References	~~() https://support.broadcom.com/external/content/SecurityAdvisories/0/23238 -~~	() https://support.broadcom.com/external/content/SecurityAdvisories/0/23238 - Vendor Advisory

21 Nov 2024, 09:08

Type	Values Removed	Values Added
References	~~() https://support.broadcom.com/external/content/SecurityAdvisories/0/23238 -~~	() https://support.broadcom.com/external/content/SecurityAdvisories/0/23238 -

Information

Published : 2024-04-17 22:15

Updated : 2025-02-04 16:02

NVD link : CVE-2024-29952

Mitre link : CVE-2024-29952

CVE.ORG link : CVE-2024-29952

JSON object : View

Products Affected

brocade_sannav

CWE

CWE-312

Cleartext Storage of Sensitive Information

{"id": "CVE-2024-29952", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-04-17T22:15:08.080", "references": [{"url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/23238", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/23238", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-312"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-312"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow an authenticated user to print the Auth, Priv, and SSL key store passwords in unencrypted logs by manipulating command variables.\n\n"}, {"lang": "es", "value": "Una vulnerabilidad en Brocade SANnav anterior a v2.3.1 y v2.3.0a podr\u00eda permitir que un usuario autenticado imprima las contrase\u00f1as del almac\u00e9n de claves Auth, Priv y SSL en registros no cifrados manipulando variables de comando."}], "lastModified": "2025-02-04T16:02:13.487", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:brocade_sannav:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "303EE152-4CED-4655-B035-CB3B91E5E288", "versionEndExcluding": "2.3.0a"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}