CVE-2024-10403
21.11.2024, 11:15
Brocade Fabric OS versions before 8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a can capture the SFTP/FTP server password used for a firmware download operation initiated by SANnav or through WebEM in a weblinker core dump that is later captured via supportsave.Enginsight
| Vendor | Product | Version |
|---|---|---|
| broadcom | fabric_operating_system | 𝑥 < 9.2.0c1 |
| broadcom | fabric_operating_system | 9.2.1 ≤ 𝑥 < 9.2.1a1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-528 - Exposure of Core Dump File to an Unauthorized Control SphereThe product generates a core dump file in a directory, archive, or other resource that is stored, transferred, or otherwise made accessible to unauthorized actors.
- CWE-552 - Files or Directories Accessible to External PartiesThe product makes files or directories accessible to unauthorized actors, even though they should not be.