CVE-2024-29965

Name of the Vulnerable Software and Affected Versions Brocade SANnav versions prior to 2.3.1 Brocade SANnav version 2.3.0a

Description The issue is related to the backup function in Brocade SANnav, which stores confidential information insecurely. This allows a local attacker to recover backup files, restore them to a new malicious appliance, and retrieve the passwords of all the switches. The backups can be created from the web interface or the command line interface, and the resulting files are world-readable.

Recommendations For Brocade SANnav versions prior to 2.3.1, update to version 2.3.1 or later to resolve the issue. For Brocade SANnav version 2.3.0a, update to version 2.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the backup function to minimize the risk of exploitation.