CVE-2024-29958

Name of the Vulnerable Software and Affected Versions Brocade SANnav versions prior to 2.3.1 Brocade SANnav version 2.3.0a

Description The issue is related to insufficient protection of registration data, which could allow a remote attacker to gain unauthorized access to protected information. A vulnerability in Brocade SANnav prints the encryption key in the console when a privileged user executes the script to replace the Brocade SANnav Management Portal standby node, providing attackers an additional path to acquiring the encryption key.

Recommendations For Brocade SANnav versions prior to 2.3.1, update to version 2.3.1 or later to resolve the issue. For Brocade SANnav version 2.3.0a, update to version 2.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the console output when executing the script to replace the Brocade SANnav Management Portal standby node.