PT-2024-4306 · Brocade · Brocade Sannav
Pierre Barre · Published 2024-04-17 · Updated 2025-02-04 · CVE-2024-29960
CVSS v2.0: 7.7 (High)
Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Brocade SANnav versions prior to 2.3.1
Brocade SANnav version 2.3.0a
Description
The issue stems from the use of hardcoded credentials in the Brocade SANnav software. This allows a remote attacker to perform a man-in-the-middle (MITM) attack and decrypt SSH traffic. Any Brocade SANnav VM based on the official OVA images is vulnerable to MITM over SSH, enabling an attacker to compromise SSH traffic to SANnav.
Recommendations
For Brocade SANnav versions prior to 2.3.1, update to version 2.3.1 or later to resolve the issue.
For Brocade SANnav version 2.3.0a, update to version 2.3.1 or later to resolve the issue.
As a temporary workaround, consider restricting access to the SSH connection until a patch is available.
Fix
Information Disclosure
Using Hardcoded Credentials
Affected Products
Brocade Sannav