PT-2024-3803 · Brocade · Brocade Sannav
Published
2024-04-17
·
Updated
2025-02-04
·
CVE-2024-29956
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:L/Au:S/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Brocade SANnav versions prior to 2.3.1
Brocade SANnav version 2.3.0a
Description
A vulnerability in Brocade SANnav is related to the storage of protected information in unencrypted form. The issue allows an attacker to reveal protected information when a user schedules a switch Supportsave from Brocade SANnav, as the Brocade SANnav password is printed in clear text in supportsave logs.
Recommendations
For Brocade SANnav versions prior to 2.3.1, update to version 2.3.1 or later to resolve the issue.
For Brocade SANnav version 2.3.0a, update to version 2.3.1 or later to resolve the issue.
As a temporary workaround, consider restricting access to supportsave logs to minimize the risk of exploitation.
Fix
Cleartext Storage of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Brocade Sannav