CVE-2024-29966

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-29966

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

B

rocade SANnav OVA before v2.3.1 and v2.3.0a contain hard-coded credentials in the documentation that appear as the appliance's root password. The vulnerability could allow an unauthenticated attacker full access to the Brocade SANnav appliance.

References
Link Resource
https://support.broadcom.com/external/content/SecurityAdvisories/0/23255 Vendor Advisory
https://support.broadcom.com/external/content/SecurityAdvisories/0/23255 Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:broadcom:brocade_sannav:*:*:*:*:*:*:*:*
History

04 Feb 2025, 15:44

Type Values Removed Values Added
First Time Broadcom
Broadcom brocade Sannav
CPE cpe:2.3:a:broadcom:brocade_sannav:*:*:*:*:*:*:*:*
References () https://support.broadcom.com/external/content/SecurityAdvisories/0/23255 - () https://support.broadcom.com/external/content/SecurityAdvisories/0/23255 - Vendor Advisory

21 Nov 2024, 09:08

Type Values Removed Values Added
References () https://support.broadcom.com/external/content/SecurityAdvisories/0/23255 - () https://support.broadcom.com/external/content/SecurityAdvisories/0/23255 -
Information

Published : 2024-04-19 05:15

Updated : 2025-02-04 15:44

NVD link : CVE-2024-29966

Mitre link : CVE-2024-29966

CVE.ORG link : CVE-2024-29966

JSON object : View

Products Affected

broadcom

CWE
CWE-798

Use of Hard-coded Credentials