CVE-2024-10403
SFTP/FTP password could be captured in plain text in Supportsave generated from SANnav
Brocade Fabric OS versions before
8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a can
capture the SFTP/FTP server password used for a firmware download
operation initiated by SANnav or through WebEM in a weblinker core dump
that is later captured via supportsave.
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Affected products
Brocade · Fabric OSWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →