PT-2024-3104 · Brocade · Brocade Sannav

Published

2024-04-25

Updated

2024-04-25

CVE-2024-4173

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Brocade SANnav (affected versions not specified)

Description A vulnerability in Brocade SANnav exposes Kafka in the wan interface, allowing an unauthenticated attacker to perform various attacks, including DOS against the Brocade SANnav. The issue is also related to the presence of an undocumented user sannav, which could allow an attacker to elevate their privileges.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Hidden Functionality

Information Disclosure

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-912CWE-200CWE-798

Related Identifiers

BDU:2024-03305

CVE-2024-4173

Affected Products

Brocade Sannav

PT-2024-3104 · Brocade · Brocade Sannav

CVE-2024-4173

Weakness Enumeration

Related Identifiers

Affected Products

References · 7