CVE-2024-10404
Clear text password seen in switch-asset-collectors-mw in Brocade SANnav supportsave
CalInvocationHandler in Brocade
SANnav before 2.3.1b logs sensitive information in clear text. The
vulnerability could allow an authenticated, local attacker to view
Brocade Fabric OS switch sensitive information in clear text. An
attacker with administrative privileges could retrieve sensitive
information including passwords; SNMP responses that contain AuthSecret
and PrivSecret after collecting a “supportsave” or getting access to an
already collected “supportsave”. NOTE: this issue exists because of an incomplete fix for CVE-2024-29952
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N
Productos afectados
Brocade · Brocade SANnav¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →