CVE-2024-29961

EUVD-2024-26935
A vulnerability affects Brocade SANnav before v2.3.1 and v2.3.0a. It allows a Brocade SANnav service to send ping commands in the background at regular intervals to gridgain.com to check if updates are available for the Component. This could make an unauthenticated, remote attacker aware of the behavior and launch a supply-chain attack against a Brocade SANnav appliance.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.2 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
Affected Products (NVD)
VendorProductVersion
broadcombrocade_sannav
𝑥
< 2.3.0a
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
brocadesannav
𝑥
< 2.3.1
ADP
brocadesannav
𝑥
< 2.3.0a
ADP
Common Weakness Enumeration
References
https://support.broadcom.com/external/content/SecurityAdvisories/0/23246
https://support.broadcom.com/external/content/SecurityAdvisories/0/23246