CVE-2024-29965

EUVD-2024-26939
In Brocade SANnav before v2.3.1, and v2.3.0a, it is possible to back up the appliance from the web interface or the command line interface ("SSH"). The resulting backups are world-readable. A local attacker can recover backup files, restore them to a new malicious appliance, and retrieve the passwords of all the switches.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 46%
Affected Products (NVD)
VendorProductVersion
broadcombrocade_sannav
𝑥
< 2.3.0a
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
brocadesannav
𝑥
< 2.3.0a
ADP
Common Weakness Enumeration
References
https://support.broadcom.com/external/content/SecurityAdvisories/0/23250
https://support.broadcom.com/external/content/SecurityAdvisories/0/23250