CVE-2024-10404

Name of the Vulnerable Software and Affected Versions Brocade SANnav versions prior to 2.3.1b

Description The issue allows an authenticated, local attacker to view sensitive information in clear text, including passwords and SNMP responses that contain AuthSecret and PrivSecret. This can occur after collecting a "supportsave" or gaining access to an already collected "supportsave". An attacker with administrative privileges could exploit this.

Recommendations For versions prior to 2.3.1b, update to version 2.3.1b or later to resolve the issue. As a temporary workaround, consider restricting access to the "supportsave" feature to minimize the risk of exploitation.