PT-2024-23168 · Brocade · Brocade Fabric OS

Published

2024-06-25

·

Updated

2024-08-06

·

CVE-2024-29954

CVSS v3.1

5.9

Medium

Vector

AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Brocade Fabric OS versions prior to 9.2.1
Brocade Fabric OS versions prior to 9.2.0b
Brocade Fabric OS versions prior to 9.1.1d
Brocade Fabric OS versions prior to 8.2.3e
Description

A vulnerability in the password management API writes sensitive information to log files, allowing an authenticated user to read server passwords for protocols such as scp and sftp. The exposure occurs when the firmwaredownload command is mistyped or points to a file that does not exist: the failed command line is recorded verbatim, including any password that was supplied as a command-line argument. Reading that log therefore yields working credentials for the firmware server.
Recommendations

Update to the fixed release for your branch:

For versions prior to 9.2.1, update to version 9.2.1 or later.
For versions prior to 9.2.0b, update to version 9.2.0b or later.
For versions prior to 9.1.1d, update to version 9.1.1d or later.
For versions prior to 8.2.3e, update to version 8.2.3e or later.

As a temporary workaround, restrict access to the firmware download log to minimize the risk of exploitation. Upgrading does not remove passwords already recorded, so review existing copies of the log and rotate any credentials found in them.

Weakness Enumeration

Insertion into Log File

Cleartext Storage of Sensitive Information

Related Identifiers

CVE-2024-29954

Affected Products

Brocade Fabric OS