PT-2024-8868 · Brocade · Brocade Fabric OS

Published: 2024-11-12 · Updated: 2024-11-21 · CVE-2024-10403

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Brocade Fabric OS versions before 8.2.3e2; Brocade Fabric OS versions 9.0.0 through 9.2.0c; Brocade Fabric OS versions 9.2.1 through 9.2.1a
Description: The issue is related to the exposure of sensitive information, specifically the SFTP/FTP server password used for firmware download operations. This password can be captured in a weblinker core dump file, which may be accessed by unauthorized users. The vulnerability allows an attacker to disclose protected information.
Recommendations: For Brocade Fabric OS versions before 8.2.3e2, upgrade to version 8.2.3e2 or later. For Brocade Fabric OS versions 9.0.0 through 9.2.0c, upgrade to version 9.2.0c or later, but ideally to a version outside of this range. For Brocade Fabric OS versions 9.2.1 through 9.2.1a, upgrade to a version later than 9.2.1a. As a temporary workaround, consider restricting access to the weblinker core dump files to minimize the risk of exploitation.

Weakness Enumeration: Files Accessible to External Parties

Related Identifiers: BDU:2024-10535, CVE-2024-10403

Affected Products: Brocade Fabric OS