CVE-2024-10404

14.02.2025, 04:15

CalInvocationHandler in Brocade
SANnav before 2.3.1b logs sensitive information in clear text. The
vulnerability could allow an authenticated, local attacker to view
Brocade Fabric OS switch sensitive information in clear text. An
attacker with administrative privileges could retrieve sensitive
information including passwords; SNMP responses that contain AuthSecret
and PrivSecret after collecting a supportsave or getting access to an
already collected supportsave. NOTE: this issue exists because of an incomplete fix for CVE-2024-29952

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.5 MEDIUM	LOCAL	LOW	HIGH	CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N
brocade	CNA	5.5 MEDIUM	LOCAL	LOW	HIGH	CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N
CISA-ADP	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Common Weakness Enumeration

CWE-312 - Cleartext Storage of Sensitive Information
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

References

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25403