PT-2024-23170 · Brocade · Brocade SANnav
Pierre Barre · Published 2024-04-19 · Updated 2025-02-04 · CVE-2024-29961
CVSS v3.1: 8.2 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Brocade SANnav versions prior to 2.3.1
Brocade SANnav version 2.3.0a
Description
A Brocade SANnav service sends ping commands in the background at regular intervals to gridgain.com to check whether updates are available for the component. An unauthenticated, remote attacker who becomes aware of this behavior could launch a supply-chain attack against a Brocade SANnav appliance.
Recommendations
For Brocade SANnav versions prior to 2.3.1, update to version 2.3.1 or later.
For Brocade SANnav version 2.3.0a, update to version 2.3.1 or later.
As a temporary workaround, consider disabling the update check feature that sends ping commands to gridgain.com until a patch is available.
Fix
Information Disclosure
Affected Products
Brocade SANnav