cvelistv5 - cve-2024-29960

cve-2024-29960

Vulnerability from cvelistv5

Published

2024-04-19 03:30

Modified

2024-08-02 01:17

Severity ?

6.8 (Medium) - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

In Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are identical in the VM every time SANnav is installed. Any Brocade SAnnav VM based on the official OVA images is vulnerable to MITM over SSH. An attacker can decrypt and compromise the SSH traffic to the SANnav.

References

▼	URL	Tags
	sirt@brocade.com	https://support.broadcom.com/external/content/SecurityAdvisories/0/23244	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://support.broadcom.com/external/content/SecurityAdvisories/0/23244	Vendor Advisory

Impacted products

	Vendor	Product	Version
	Brocade	Brocade SANnav	Version: before v2.3.1 and v2.3.0a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:a:brocade:sannav:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "sannav",
                  vendor: "brocade",
                  versions: [
                     {
                        status: "affected",
                        version: "*",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:brocade:sannav:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "sannav",
                  vendor: "brocade",
                  versions: [
                     {
                        status: "affected",
                        version: "*",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-29960",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-04-29T18:34:09.303371Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-06-04T17:57:32.684Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T01:17:58.593Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.broadcom.com/external/content/SecurityAdvisories/0/23244",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "affected",
               product: "Brocade SANnav",
               vendor: "Brocade",
               versions: [
                  {
                     status: "affected",
                     version: "before v2.3.1 and v2.3.0a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<div>\n\n<span style=\"background-color: rgb(255, 255, 255);\">In Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are identical in the VM every time SANnav is installed. Any Brocade SAnnav VM based on the official OVA images is vulnerable to MITM over SSH. An attacker can decrypt and compromise the SSH traffic to the SANnav.</span>\n\n</div>",
                  },
               ],
               value: "\nIn Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are identical in the VM every time SANnav is installed. Any Brocade SAnnav VM based on the official OVA images is vulnerable to MITM over SSH. An attacker can decrypt and compromise the SSH traffic to the SANnav.\n\n",
            },
         ],
         impacts: [
            {
               capecId: "CAPEC-70",
               descriptions: [
                  {
                     lang: "en",
                     value: "CAPEC-70 Try Common or Default Usernames and Passwords",
                  },
               ],
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "ADJACENT_NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 6.8,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-798",
                     description: "CWE-798 Use of Hard-coded Credentials",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-04-26T21:57:23.529Z",
            orgId: "87b297d7-335e-4844-9551-11b97995a791",
            shortName: "brocade",
         },
         references: [
            {
               url: "https://support.broadcom.com/external/content/SecurityAdvisories/0/23244",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "Identical SSH keys utilized inside the OVA image (CVE-2024-29960)",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "87b297d7-335e-4844-9551-11b97995a791",
      assignerShortName: "brocade",
      cveId: "CVE-2024-29960",
      datePublished: "2024-04-19T03:30:51.466Z",
      dateReserved: "2024-03-22T05:23:33.322Z",
      dateUpdated: "2024-08-02T01:17:58.593Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      nvd: "{\"cve\":{\"id\":\"CVE-2024-29960\",\"sourceIdentifier\":\"sirt@brocade.com\",\"published\":\"2024-04-19T04:15:10.270\",\"lastModified\":\"2025-02-04T15:53:21.440\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"\\nIn Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are identical in the VM every time SANnav is installed. Any Brocade SAnnav VM based on the official OVA images is vulnerable to MITM over SSH. An attacker can decrypt and compromise the SSH traffic to the SANnav.\\n\\n\"},{\"lang\":\"es\",\"value\":\"En las versiones del servidor Brocade SANnav anteriores a v2.3.1 y v2.3.0a, las claves SSH dentro de la imagen OVA están codificadas y son idénticas en la VM cada vez que se instala SANnav. Cualquier máquina virtual Brocade SANnav basada en las imágenes OVA oficiales es vulnerable a MITM a través de SSH. Un atacante puede descifrar y comprometer el tráfico SSH al dispositivo SANnav.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"sirt@brocade.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.9,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"sirt@brocade.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-798\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-798\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:brocade_sannav:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.3.0a\",\"matchCriteriaId\":\"303EE152-4CED-4655-B035-CB3B91E5E288\"}]}]}],\"references\":[{\"url\":\"https://support.broadcom.com/external/content/SecurityAdvisories/0/23244\",\"source\":\"sirt@brocade.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.broadcom.com/external/content/SecurityAdvisories/0/23244\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
      vulnrichment: {
         containers: "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://support.broadcom.com/external/content/SecurityAdvisories/0/23244\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T01:17:58.593Z\"}}, {\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-29960\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-04-29T18:34:09.303371Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:brocade:sannav:*:*:*:*:*:*:*:*\"], \"vendor\": \"brocade\", \"product\": \"sannav\", \"versions\": [{\"status\": \"affected\", \"version\": \"*\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:brocade:sannav:*:*:*:*:*:*:*:*\"], \"vendor\": \"brocade\", \"product\": \"sannav\", \"versions\": [{\"status\": \"affected\", \"version\": \"*\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-04-29T18:33:12.179Z\"}, \"title\": \"CISA ADP Vulnrichment\"}], \"cna\": {\"title\": \"Identical SSH keys utilized inside the OVA image (CVE-2024-29960)\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"capecId\": \"CAPEC-70\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-70 Try Common or Default Usernames and Passwords\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.8, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Brocade\", \"product\": \"Brocade SANnav\", \"versions\": [{\"status\": \"affected\", \"version\": \"before v2.3.1 and v2.3.0a\"}], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://support.broadcom.com/external/content/SecurityAdvisories/0/23244\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"\\nIn Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are identical in the VM every time SANnav is installed. Any Brocade SAnnav VM based on the official OVA images is vulnerable to MITM over SSH. An attacker can decrypt and compromise the SSH traffic to the SANnav.\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"<div>\\n\\n<span style=\\\"background-color: rgb(255, 255, 255);\\\">In Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are identical in the VM every time SANnav is installed. Any Brocade SAnnav VM based on the official OVA images is vulnerable to MITM over SSH. An attacker can decrypt and compromise the SSH traffic to the SANnav.</span>\\n\\n</div>\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-798\", \"description\": \"CWE-798 Use of Hard-coded Credentials\"}]}], \"providerMetadata\": {\"orgId\": \"87b297d7-335e-4844-9551-11b97995a791\", \"shortName\": \"brocade\", \"dateUpdated\": \"2024-04-26T21:57:23.529Z\"}}}",
         cveMetadata: "{\"cveId\": \"CVE-2024-29960\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-02T01:17:58.593Z\", \"dateReserved\": \"2024-03-22T05:23:33.322Z\", \"assignerOrgId\": \"87b297d7-335e-4844-9551-11b97995a791\", \"datePublished\": \"2024-04-19T03:30:51.466Z\", \"assignerShortName\": \"brocade\"}",
         dataType: "CVE_RECORD",
         dataVersion: "5.1",
      },
   },
}

fkie_cve-2024-29960

Vulnerability from fkie_nvd

Published

2024-04-19 04:15

Modified

2025-02-04 15:53

Severity ?

6.8 (Medium) - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

▼	URL	Tags
	sirt@brocade.com	https://support.broadcom.com/external/content/SecurityAdvisories/0/23244	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://support.broadcom.com/external/content/SecurityAdvisories/0/23244	Vendor Advisory

Impacted products

	Vendor	Product	Version
	broadcom	brocade_sannav	*

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:broadcom:brocade_sannav:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "303EE152-4CED-4655-B035-CB3B91E5E288",
                     versionEndExcluding: "2.3.0a",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "\nIn Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are identical in the VM every time SANnav is installed. Any Brocade SAnnav VM based on the official OVA images is vulnerable to MITM over SSH. An attacker can decrypt and compromise the SSH traffic to the SANnav.\n\n",
      },
      {
         lang: "es",
         value: "En las versiones del servidor Brocade SANnav anteriores a v2.3.1 y v2.3.0a, las claves SSH dentro de la imagen OVA están codificadas y son idénticas en la VM cada vez que se instala SANnav. Cualquier máquina virtual Brocade SANnav basada en las imágenes OVA oficiales es vulnerable a MITM a través de SSH. Un atacante puede descifrar y comprometer el tráfico SSH al dispositivo SANnav.",
      },
   ],
   id: "CVE-2024-29960",
   lastModified: "2025-02-04T15:53:21.440",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.8,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 0.9,
            impactScore: 5.9,
            source: "sirt@brocade.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.6,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-04-19T04:15:10.270",
   references: [
      {
         source: "sirt@brocade.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.broadcom.com/external/content/SecurityAdvisories/0/23244",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.broadcom.com/external/content/SecurityAdvisories/0/23244",
      },
   ],
   sourceIdentifier: "sirt@brocade.com",
   vulnStatus: "Analyzed",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-798",
            },
         ],
         source: "sirt@brocade.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-798",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

ghsa-xcp9-jx79-m233

Vulnerability from github

Published

2024-04-19 06:30

Modified

2025-02-04 18:30

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

In the Brocade SANnav server versions before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are hardcoded and identical in the VM every time SANnav is installed. Any Brocade SANnav VM based on the official OVA images is vulnerable to MITM over SSH. An attacker can decrypt and compromise the SSH traffic to the SANnav appliance.

Show details on source website

JSON

To clipboard

{
   affected: [],
   aliases: [
      "CVE-2024-29960",
   ],
   database_specific: {
      cwe_ids: [
         "CWE-798",
      ],
      github_reviewed: false,
      github_reviewed_at: null,
      nvd_published_at: "2024-04-19T04:15:10Z",
      severity: "HIGH",
   },
   details: "In the Brocade SANnav server versions before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are hardcoded and identical in the VM every time SANnav is installed. Any Brocade SANnav VM based on the official OVA images is vulnerable to MITM over SSH. An attacker can decrypt and compromise the SSH traffic to the SANnav appliance.",
   id: "GHSA-xcp9-jx79-m233",
   modified: "2025-02-04T18:30:44Z",
   published: "2024-04-19T06:30:27Z",
   references: [
      {
         type: "ADVISORY",
         url: "https://nvd.nist.gov/vuln/detail/CVE-2024-29960",
      },
      {
         type: "WEB",
         url: "https://support.broadcom.com/external/content/SecurityAdvisories/0/23244",
      },
   ],
   schema_version: "1.4.0",
   severity: [
      {
         score: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
         type: "CVSS_V3",
      },
   ],
}

gsd-2024-29960

Vulnerability from gsd

Modified

2024-04-03 05:02

Details

Aliases

CVE-2024-29960

JSON

To clipboard

{
   gsd: {
      metadata: {
         exploitCode: "unknown",
         remediation: "unknown",
         reportConfidence: "confirmed",
         type: "vulnerability",
      },
      osvSchema: {
         aliases: [
            "CVE-2024-29960",
         ],
         details: "In the Brocade SANnav server versions before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are hardcoded and identical in the VM every time SANnav is installed. Any Brocade SANnav VM based on the official OVA images is vulnerable to MITM over SSH. An attacker can decrypt and compromise the SSH traffic to the SANnav appliance.\n\n",
         id: "GSD-2024-29960",
         modified: "2024-04-03T05:02:30.589086Z",
         schema_version: "1.4.0",
      },
   },
   namespaces: {
      "cve.org": {
         CVE_data_meta: {
            ASSIGNER: "sirt@brocade.com",
            ID: "CVE-2024-29960",
            STATE: "PUBLIC",
         },
         affects: {
            vendor: {
               vendor_data: [
                  {
                     product: {
                        product_data: [
                           {
                              product_name: "Brocade SANnav",
                              version: {
                                 version_data: [
                                    {
                                       version_value: "not down converted",
                                       x_cve_json_5_version_data: {
                                          defaultStatus: "affected",
                                          versions: [
                                             {
                                                status: "affected",
                                                version: "before v2.3.1 and v2.3.0a",
                                             },
                                          ],
                                       },
                                    },
                                 ],
                              },
                           },
                        ],
                     },
                     vendor_name: "Brocade",
                  },
               ],
            },
         },
         data_format: "MITRE",
         data_type: "CVE",
         data_version: "4.0",
         description: {
            description_data: [
               {
                  lang: "eng",
                  value: "\nIn Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are identical in the VM every time SANnav is installed. Any Brocade SAnnav VM based on the official OVA images is vulnerable to MITM over SSH. An attacker can decrypt and compromise the SSH traffic to the SANnav.\n\n",
               },
            ],
         },
         generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
         impact: {
            cvss: [
               {
                  attackComplexity: "LOW",
                  attackVector: "ADJACENT_NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 6.8,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
            ],
         },
         problemtype: {
            problemtype_data: [
               {
                  description: [
                     {
                        cweId: "CWE-798",
                        lang: "eng",
                        value: "CWE-798 Use of Hard-coded Credentials",
                     },
                  ],
               },
            ],
         },
         references: {
            reference_data: [
               {
                  name: "https://support.broadcom.com/external/content/SecurityAdvisories/0/23244",
                  refsource: "MISC",
                  url: "https://support.broadcom.com/external/content/SecurityAdvisories/0/23244",
               },
            ],
         },
         source: {
            discovery: "UNKNOWN",
         },
      },
      "nvd.nist.gov": {
         cve: {
            descriptions: [
               {
                  lang: "en",
                  value: "\nIn Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are identical in the VM every time SANnav is installed. Any Brocade SAnnav VM based on the official OVA images is vulnerable to MITM over SSH. An attacker can decrypt and compromise the SSH traffic to the SANnav.\n\n",
               },
               {
                  lang: "es",
                  value: "En las versiones del servidor Brocade SANnav anteriores a v2.3.1 y v2.3.0a, las claves SSH dentro de la imagen OVA están codificadas y son idénticas en la VM cada vez que se instala SANnav. Cualquier máquina virtual Brocade SANnav basada en las imágenes OVA oficiales es vulnerable a MITM a través de SSH. Un atacante puede descifrar y comprometer el tráfico SSH al dispositivo SANnav.",
               },
            ],
            id: "CVE-2024-29960",
            lastModified: "2024-04-26T22:15:07.850",
            metrics: {
               cvssMetricV31: [
                  {
                     cvssData: {
                        attackComplexity: "LOW",
                        attackVector: "ADJACENT_NETWORK",
                        availabilityImpact: "HIGH",
                        baseScore: 6.8,
                        baseSeverity: "MEDIUM",
                        confidentialityImpact: "HIGH",
                        integrityImpact: "HIGH",
                        privilegesRequired: "HIGH",
                        scope: "UNCHANGED",
                        userInteraction: "NONE",
                        vectorString: "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                        version: "3.1",
                     },
                     exploitabilityScore: 0.9,
                     impactScore: 5.9,
                     source: "sirt@brocade.com",
                     type: "Secondary",
                  },
               ],
            },
            published: "2024-04-19T04:15:10.270",
            references: [
               {
                  source: "sirt@brocade.com",
                  url: "https://support.broadcom.com/external/content/SecurityAdvisories/0/23244",
               },
            ],
            sourceIdentifier: "sirt@brocade.com",
            vulnStatus: "Awaiting Analysis",
            weaknesses: [
               {
                  description: [
                     {
                        lang: "en",
                        value: "CWE-798",
                     },
                  ],
                  source: "sirt@brocade.com",
                  type: "Secondary",
               },
            ],
         },
      },
   },
}

WID-SEC-W-2024-0915

Vulnerability from csaf_certbund

Published

2024-04-16 22:00

Modified

2024-10-14 22:00

Summary

Broadcom Brocade SANnav: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Brocade SANnav ist eine Managementlösung für Storage Area Networks (SAN).

Angriff

Ein Angreifer kann mehrere Schwachstellen in Broadcom Brocade SANnav ausnutzen, um einen Denial of Service Angriff durchzuführen oder vertrauliche Informationen offenlegen.

Betroffene Betriebssysteme

- Sonstiges - UNIX

JSON

To clipboard

{
   document: {
      aggregate_severity: {
         text: "hoch",
      },
      category: "csaf_base",
      csaf_version: "2.0",
      distribution: {
         tlp: {
            label: "WHITE",
            url: "https://www.first.org/tlp/",
         },
      },
      lang: "de-DE",
      notes: [
         {
            category: "legal_disclaimer",
            text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.",
         },
         {
            category: "description",
            text: "Brocade SANnav ist eine Managementlösung für Storage Area Networks (SAN).",
            title: "Produktbeschreibung",
         },
         {
            category: "summary",
            text: "Ein Angreifer kann mehrere Schwachstellen in Broadcom Brocade SANnav ausnutzen, um einen Denial of Service Angriff durchzuführen oder vertrauliche Informationen offenlegen.",
            title: "Angriff",
         },
         {
            category: "general",
            text: "- Sonstiges\n- UNIX",
            title: "Betroffene Betriebssysteme",
         },
      ],
      publisher: {
         category: "other",
         contact_details: "csaf-provider@cert-bund.de",
         name: "Bundesamt für Sicherheit in der Informationstechnik",
         namespace: "https://www.bsi.bund.de",
      },
      references: [
         {
            category: "self",
            summary: "WID-SEC-W-2024-0915 - CSAF Version",
            url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0915.json",
         },
         {
            category: "self",
            summary: "WID-SEC-2024-0915 - Portal Version",
            url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0915",
         },
         {
            category: "external",
            summary: "Brocade Security Advisory vom 2024-04-16",
            url: "https://support.broadcom.com/external/content/SecurityAdvisories/0/23238",
         },
         {
            category: "external",
            summary: "Brocade Security Advisory vom 2024-04-16",
            url: "https://support.broadcom.com/external/content/SecurityAdvisories/0/23239",
         },
         {
            category: "external",
            summary: "Brocade Security Advisory vom 2024-04-16",
            url: "https://support.broadcom.com/external/content/SecurityAdvisories/0/23242",
         },
         {
            category: "external",
            summary: "Brocade Security Advisory vom 2024-04-16",
            url: "https://support.broadcom.com/external/content/SecurityAdvisories/0/23243",
         },
         {
            category: "external",
            summary: "Brocade Security Advisory vom 2024-04-16",
            url: "https://support.broadcom.com/external/content/SecurityAdvisories/0/23244",
         },
         {
            category: "external",
            summary: "Brocade Security Advisory vom 2024-04-16",
            url: "https://support.broadcom.com/external/content/SecurityAdvisories/0/23246",
         },
         {
            category: "external",
            summary: "Brocade Security Advisory vom 2024-04-16",
            url: "https://support.broadcom.com/external/content/SecurityAdvisories/0/23247",
         },
         {
            category: "external",
            summary: "Brocade Security Advisory vom 2024-04-16",
            url: "https://support.broadcom.com/external/content/SecurityAdvisories/0/23251",
         },
         {
            category: "external",
            summary: "Brocade Security Advisory vom 2024-04-16",
            url: "https://support.broadcom.com/external/content/SecurityAdvisories/0/23253",
         },
         {
            category: "external",
            summary: "Brocade Security Advisory vom 2024-04-16",
            url: "https://support.broadcom.com/external/content/SecurityAdvisories/0/23262",
         },
         {
            category: "external",
            summary: "### vom 2024-10-15",
            url: "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24999",
         },
      ],
      source_lang: "en-US",
      title: "Broadcom Brocade SANnav: Mehrere Schwachstellen",
      tracking: {
         current_release_date: "2024-10-14T22:00:00.000+00:00",
         generator: {
            date: "2024-10-15T08:14:53.994+00:00",
            engine: {
               name: "BSI-WID",
               version: "1.3.8",
            },
         },
         id: "WID-SEC-W-2024-0915",
         initial_release_date: "2024-04-16T22:00:00.000+00:00",
         revision_history: [
            {
               date: "2024-04-16T22:00:00.000+00:00",
               number: "1",
               summary: "Initiale Fassung",
            },
            {
               date: "2024-10-14T22:00:00.000+00:00",
               number: "2",
               summary: "Neue Updates aufgenommen",
            },
         ],
         status: "final",
         version: "2",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  branches: [
                     {
                        category: "product_version_range",
                        name: "<2.3.1",
                        product: {
                           name: "Broadcom Brocade SANnav <2.3.1",
                           product_id: "T034280",
                        },
                     },
                     {
                        category: "product_version",
                        name: "2.3.1",
                        product: {
                           name: "Broadcom Brocade SANnav 2.3.1",
                           product_id: "T034280-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:broadcom:brocade_sannav:2.3.1",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "<2.3.0a",
                        product: {
                           name: "Broadcom Brocade SANnav <2.3.0a",
                           product_id: "T034281",
                        },
                     },
                     {
                        category: "product_version",
                        name: "2.3.0a",
                        product: {
                           name: "Broadcom Brocade SANnav 2.3.0a",
                           product_id: "T034281-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:broadcom:brocade_sannav:2.3.0a",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "<2.3.0a",
                        product: {
                           name: "Broadcom Brocade SANnav <2.3.0a",
                           product_id: "T034391",
                        },
                     },
                     {
                        category: "product_version",
                        name: "2.3.0a",
                        product: {
                           name: "Broadcom Brocade SANnav 2.3.0a",
                           product_id: "T034391-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:broadcom:brocade_sannav:2.3.0a",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "<2.3.1a",
                        product: {
                           name: "Broadcom Brocade SANnav <2.3.1a",
                           product_id: "T038317",
                        },
                     },
                     {
                        category: "product_version",
                        name: "2.3.1a",
                        product: {
                           name: "Broadcom Brocade SANnav 2.3.1a",
                           product_id: "T038317-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:broadcom:brocade_sannav:2.3.1a",
                           },
                        },
                     },
                  ],
                  category: "product_name",
                  name: "Brocade SANnav",
               },
            ],
            category: "vendor",
            name: "Broadcom",
         },
      ],
   },
   vulnerabilities: [
      {
         cve: "CVE-2023-39410",
         notes: [
            {
               category: "description",
               text: "Es besteht eine Schwachstelle in Broadcom Brocade SANnav. Dieser Fehler besteht in der Apache Avro Java SDK-Komponente eines Drittanbieters aufgrund eines unsachgemäßen Eingabevalidierungsproblems. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.",
            },
         ],
         product_status: {
            known_affected: [
               "T038317",
               "T034391",
               "T034281",
               "T034280",
            ],
         },
         release_date: "2024-04-16T22:00:00.000+00:00",
         title: "CVE-2023-39410",
      },
      {
         cve: "CVE-2024-29952",
         notes: [
            {
               category: "description",
               text: "Es bestehen mehrere Schwachstellen in Broadcom Brocade SANnav. Diese Fehler bestehen in mehreren Komponenten, die mit Verschlüsselungsprozessen zusammenhängen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen.",
            },
         ],
         product_status: {
            known_affected: [
               "T038317",
               "T034391",
               "T034281",
               "T034280",
            ],
         },
         release_date: "2024-04-16T22:00:00.000+00:00",
         title: "CVE-2024-29952",
      },
      {
         cve: "CVE-2024-29955",
         notes: [
            {
               category: "description",
               text: "Es bestehen mehrere Schwachstellen in Broadcom Brocade SANnav. Diese Fehler bestehen in mehreren Komponenten, die mit Verschlüsselungsprozessen zusammenhängen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen.",
            },
         ],
         product_status: {
            known_affected: [
               "T038317",
               "T034391",
               "T034281",
               "T034280",
            ],
         },
         release_date: "2024-04-16T22:00:00.000+00:00",
         title: "CVE-2024-29955",
      },
      {
         cve: "CVE-2024-29958",
         notes: [
            {
               category: "description",
               text: "Es bestehen mehrere Schwachstellen in Broadcom Brocade SANnav. Diese Fehler bestehen in mehreren Komponenten, die mit Verschlüsselungsprozessen zusammenhängen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen.",
            },
         ],
         product_status: {
            known_affected: [
               "T038317",
               "T034391",
               "T034281",
               "T034280",
            ],
         },
         release_date: "2024-04-16T22:00:00.000+00:00",
         title: "CVE-2024-29958",
      },
      {
         cve: "CVE-2024-29959",
         notes: [
            {
               category: "description",
               text: "Es bestehen mehrere Schwachstellen in Broadcom Brocade SANnav. Diese Fehler bestehen in mehreren Komponenten, die mit Verschlüsselungsprozessen zusammenhängen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen.",
            },
         ],
         product_status: {
            known_affected: [
               "T038317",
               "T034391",
               "T034281",
               "T034280",
            ],
         },
         release_date: "2024-04-16T22:00:00.000+00:00",
         title: "CVE-2024-29959",
      },
      {
         cve: "CVE-2024-29960",
         notes: [
            {
               category: "description",
               text: "Es bestehen mehrere Schwachstellen in Broadcom Brocade SANnav. Diese Fehler bestehen in mehreren Komponenten, die mit Verschlüsselungsprozessen zusammenhängen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen.",
            },
         ],
         product_status: {
            known_affected: [
               "T038317",
               "T034391",
               "T034281",
               "T034280",
            ],
         },
         release_date: "2024-04-16T22:00:00.000+00:00",
         title: "CVE-2024-29960",
      },
      {
         cve: "CVE-2024-29963",
         notes: [
            {
               category: "description",
               text: "Es bestehen mehrere Schwachstellen in Broadcom Brocade SANnav. Diese Fehler bestehen in mehreren Komponenten, die mit Verschlüsselungsprozessen zusammenhängen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen.",
            },
         ],
         product_status: {
            known_affected: [
               "T038317",
               "T034391",
               "T034281",
               "T034280",
            ],
         },
         release_date: "2024-04-16T22:00:00.000+00:00",
         title: "CVE-2024-29963",
      },
      {
         cve: "CVE-2024-29969",
         notes: [
            {
               category: "description",
               text: "Es bestehen mehrere Schwachstellen in Broadcom Brocade SANnav. Diese Fehler bestehen in mehreren Komponenten, die mit Verschlüsselungsprozessen zusammenhängen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen.",
            },
         ],
         product_status: {
            known_affected: [
               "T038317",
               "T034391",
               "T034281",
               "T034280",
            ],
         },
         release_date: "2024-04-16T22:00:00.000+00:00",
         title: "CVE-2024-29969",
      },
      {
         cve: "CVE-2024-29961",
         notes: [
            {
               category: "description",
               text: "Es besteht eine Schwachstelle in Broadcom Brocade SANnav. Dieser Fehler besteht, weil der Dienst Ping-Anfragen für Updates senden kann, was einen Supply-Chain-Angriff gegen die Appliance ermöglicht. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen oder vertrauliche Informationen offenzulegen.",
            },
         ],
         product_status: {
            known_affected: [
               "T038317",
               "T034391",
               "T034281",
               "T034280",
            ],
         },
         release_date: "2024-04-16T22:00:00.000+00:00",
         title: "CVE-2024-29961",
      },
      {
         cve: "CVE-2024-29968",
         notes: [
            {
               category: "description",
               text: "Es besteht eine Schwachstelle in Broadcom Brocade SANnav. Dieser Fehler besteht, da im Disaster Recovery Modus die Informationen der Datenbanken wie Tabellennamen, Abfragen und Spalten im DR Standby Supportsave gespeichert werden. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen.",
            },
         ],
         product_status: {
            known_affected: [
               "T038317",
               "T034391",
               "T034281",
               "T034280",
            ],
         },
         release_date: "2024-04-16T22:00:00.000+00:00",
         title: "CVE-2024-29968",
      },
   ],
}

wid-sec-w-2024-0915

Vulnerability from csaf_certbund

Published

2024-04-16 22:00

Modified

2024-10-14 22:00

Summary

Broadcom Brocade SANnav: Mehrere Schwachstellen

Notes

Produktbeschreibung

Brocade SANnav ist eine Managementlösung für Storage Area Networks (SAN).

Angriff

Ein Angreifer kann mehrere Schwachstellen in Broadcom Brocade SANnav ausnutzen, um einen Denial of Service Angriff durchzuführen oder vertrauliche Informationen offenlegen.

Betroffene Betriebssysteme

- Sonstiges - UNIX

JSON

To clipboard

{
   document: {
      aggregate_severity: {
         text: "hoch",
      },
      category: "csaf_base",
      csaf_version: "2.0",
      distribution: {
         tlp: {
            label: "WHITE",
            url: "https://www.first.org/tlp/",
         },
      },
      lang: "de-DE",
      notes: [
         {
            category: "legal_disclaimer",
            text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.",
         },
         {
            category: "description",
            text: "Brocade SANnav ist eine Managementlösung für Storage Area Networks (SAN).",
            title: "Produktbeschreibung",
         },
         {
            category: "summary",
            text: "Ein Angreifer kann mehrere Schwachstellen in Broadcom Brocade SANnav ausnutzen, um einen Denial of Service Angriff durchzuführen oder vertrauliche Informationen offenlegen.",
            title: "Angriff",
         },
         {
            category: "general",
            text: "- Sonstiges\n- UNIX",
            title: "Betroffene Betriebssysteme",
         },
      ],
      publisher: {
         category: "other",
         contact_details: "csaf-provider@cert-bund.de",
         name: "Bundesamt für Sicherheit in der Informationstechnik",
         namespace: "https://www.bsi.bund.de",
      },
      references: [
         {
            category: "self",
            summary: "WID-SEC-W-2024-0915 - CSAF Version",
            url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0915.json",
         },
         {
            category: "self",
            summary: "WID-SEC-2024-0915 - Portal Version",
            url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0915",
         },
         {
            category: "external",
            summary: "Brocade Security Advisory vom 2024-04-16",
            url: "https://support.broadcom.com/external/content/SecurityAdvisories/0/23238",
         },
         {
            category: "external",
            summary: "Brocade Security Advisory vom 2024-04-16",
            url: "https://support.broadcom.com/external/content/SecurityAdvisories/0/23239",
         },
         {
            category: "external",
            summary: "Brocade Security Advisory vom 2024-04-16",
            url: "https://support.broadcom.com/external/content/SecurityAdvisories/0/23242",
         },
         {
            category: "external",
            summary: "Brocade Security Advisory vom 2024-04-16",
            url: "https://support.broadcom.com/external/content/SecurityAdvisories/0/23243",
         },
         {
            category: "external",
            summary: "Brocade Security Advisory vom 2024-04-16",
            url: "https://support.broadcom.com/external/content/SecurityAdvisories/0/23244",
         },
         {
            category: "external",
            summary: "Brocade Security Advisory vom 2024-04-16",
            url: "https://support.broadcom.com/external/content/SecurityAdvisories/0/23246",
         },
         {
            category: "external",
            summary: "Brocade Security Advisory vom 2024-04-16",
            url: "https://support.broadcom.com/external/content/SecurityAdvisories/0/23247",
         },
         {
            category: "external",
            summary: "Brocade Security Advisory vom 2024-04-16",
            url: "https://support.broadcom.com/external/content/SecurityAdvisories/0/23251",
         },
         {
            category: "external",
            summary: "Brocade Security Advisory vom 2024-04-16",
            url: "https://support.broadcom.com/external/content/SecurityAdvisories/0/23253",
         },
         {
            category: "external",
            summary: "Brocade Security Advisory vom 2024-04-16",
            url: "https://support.broadcom.com/external/content/SecurityAdvisories/0/23262",
         },
         {
            category: "external",
            summary: "### vom 2024-10-15",
            url: "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24999",
         },
      ],
      source_lang: "en-US",
      title: "Broadcom Brocade SANnav: Mehrere Schwachstellen",
      tracking: {
         current_release_date: "2024-10-14T22:00:00.000+00:00",
         generator: {
            date: "2024-10-15T08:14:53.994+00:00",
            engine: {
               name: "BSI-WID",
               version: "1.3.8",
            },
         },
         id: "WID-SEC-W-2024-0915",
         initial_release_date: "2024-04-16T22:00:00.000+00:00",
         revision_history: [
            {
               date: "2024-04-16T22:00:00.000+00:00",
               number: "1",
               summary: "Initiale Fassung",
            },
            {
               date: "2024-10-14T22:00:00.000+00:00",
               number: "2",
               summary: "Neue Updates aufgenommen",
            },
         ],
         status: "final",
         version: "2",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  branches: [
                     {
                        category: "product_version_range",
                        name: "<2.3.1",
                        product: {
                           name: "Broadcom Brocade SANnav <2.3.1",
                           product_id: "T034280",
                        },
                     },
                     {
                        category: "product_version",
                        name: "2.3.1",
                        product: {
                           name: "Broadcom Brocade SANnav 2.3.1",
                           product_id: "T034280-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:broadcom:brocade_sannav:2.3.1",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "<2.3.0a",
                        product: {
                           name: "Broadcom Brocade SANnav <2.3.0a",
                           product_id: "T034281",
                        },
                     },
                     {
                        category: "product_version",
                        name: "2.3.0a",
                        product: {
                           name: "Broadcom Brocade SANnav 2.3.0a",
                           product_id: "T034281-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:broadcom:brocade_sannav:2.3.0a",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "<2.3.0a",
                        product: {
                           name: "Broadcom Brocade SANnav <2.3.0a",
                           product_id: "T034391",
                        },
                     },
                     {
                        category: "product_version",
                        name: "2.3.0a",
                        product: {
                           name: "Broadcom Brocade SANnav 2.3.0a",
                           product_id: "T034391-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:broadcom:brocade_sannav:2.3.0a",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "<2.3.1a",
                        product: {
                           name: "Broadcom Brocade SANnav <2.3.1a",
                           product_id: "T038317",
                        },
                     },
                     {
                        category: "product_version",
                        name: "2.3.1a",
                        product: {
                           name: "Broadcom Brocade SANnav 2.3.1a",
                           product_id: "T038317-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:broadcom:brocade_sannav:2.3.1a",
                           },
                        },
                     },
                  ],
                  category: "product_name",
                  name: "Brocade SANnav",
               },
            ],
            category: "vendor",
            name: "Broadcom",
         },
      ],
   },
   vulnerabilities: [
      {
         cve: "CVE-2023-39410",
         notes: [
            {
               category: "description",
               text: "Es besteht eine Schwachstelle in Broadcom Brocade SANnav. Dieser Fehler besteht in der Apache Avro Java SDK-Komponente eines Drittanbieters aufgrund eines unsachgemäßen Eingabevalidierungsproblems. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.",
            },
         ],
         product_status: {
            known_affected: [
               "T038317",
               "T034391",
               "T034281",
               "T034280",
            ],
         },
         release_date: "2024-04-16T22:00:00.000+00:00",
         title: "CVE-2023-39410",
      },
      {
         cve: "CVE-2024-29952",
         notes: [
            {
               category: "description",
               text: "Es bestehen mehrere Schwachstellen in Broadcom Brocade SANnav. Diese Fehler bestehen in mehreren Komponenten, die mit Verschlüsselungsprozessen zusammenhängen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen.",
            },
         ],
         product_status: {
            known_affected: [
               "T038317",
               "T034391",
               "T034281",
               "T034280",
            ],
         },
         release_date: "2024-04-16T22:00:00.000+00:00",
         title: "CVE-2024-29952",
      },
      {
         cve: "CVE-2024-29955",
         notes: [
            {
               category: "description",
               text: "Es bestehen mehrere Schwachstellen in Broadcom Brocade SANnav. Diese Fehler bestehen in mehreren Komponenten, die mit Verschlüsselungsprozessen zusammenhängen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen.",
            },
         ],
         product_status: {
            known_affected: [
               "T038317",
               "T034391",
               "T034281",
               "T034280",
            ],
         },
         release_date: "2024-04-16T22:00:00.000+00:00",
         title: "CVE-2024-29955",
      },
      {
         cve: "CVE-2024-29958",
         notes: [
            {
               category: "description",
               text: "Es bestehen mehrere Schwachstellen in Broadcom Brocade SANnav. Diese Fehler bestehen in mehreren Komponenten, die mit Verschlüsselungsprozessen zusammenhängen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen.",
            },
         ],
         product_status: {
            known_affected: [
               "T038317",
               "T034391",
               "T034281",
               "T034280",
            ],
         },
         release_date: "2024-04-16T22:00:00.000+00:00",
         title: "CVE-2024-29958",
      },
      {
         cve: "CVE-2024-29959",
         notes: [
            {
               category: "description",
               text: "Es bestehen mehrere Schwachstellen in Broadcom Brocade SANnav. Diese Fehler bestehen in mehreren Komponenten, die mit Verschlüsselungsprozessen zusammenhängen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen.",
            },
         ],
         product_status: {
            known_affected: [
               "T038317",
               "T034391",
               "T034281",
               "T034280",
            ],
         },
         release_date: "2024-04-16T22:00:00.000+00:00",
         title: "CVE-2024-29959",
      },
      {
         cve: "CVE-2024-29960",
         notes: [
            {
               category: "description",
               text: "Es bestehen mehrere Schwachstellen in Broadcom Brocade SANnav. Diese Fehler bestehen in mehreren Komponenten, die mit Verschlüsselungsprozessen zusammenhängen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen.",
            },
         ],
         product_status: {
            known_affected: [
               "T038317",
               "T034391",
               "T034281",
               "T034280",
            ],
         },
         release_date: "2024-04-16T22:00:00.000+00:00",
         title: "CVE-2024-29960",
      },
      {
         cve: "CVE-2024-29963",
         notes: [
            {
               category: "description",
               text: "Es bestehen mehrere Schwachstellen in Broadcom Brocade SANnav. Diese Fehler bestehen in mehreren Komponenten, die mit Verschlüsselungsprozessen zusammenhängen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen.",
            },
         ],
         product_status: {
            known_affected: [
               "T038317",
               "T034391",
               "T034281",
               "T034280",
            ],
         },
         release_date: "2024-04-16T22:00:00.000+00:00",
         title: "CVE-2024-29963",
      },
      {
         cve: "CVE-2024-29969",
         notes: [
            {
               category: "description",
               text: "Es bestehen mehrere Schwachstellen in Broadcom Brocade SANnav. Diese Fehler bestehen in mehreren Komponenten, die mit Verschlüsselungsprozessen zusammenhängen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen.",
            },
         ],
         product_status: {
            known_affected: [
               "T038317",
               "T034391",
               "T034281",
               "T034280",
            ],
         },
         release_date: "2024-04-16T22:00:00.000+00:00",
         title: "CVE-2024-29969",
      },
      {
         cve: "CVE-2024-29961",
         notes: [
            {
               category: "description",
               text: "Es besteht eine Schwachstelle in Broadcom Brocade SANnav. Dieser Fehler besteht, weil der Dienst Ping-Anfragen für Updates senden kann, was einen Supply-Chain-Angriff gegen die Appliance ermöglicht. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen oder vertrauliche Informationen offenzulegen.",
            },
         ],
         product_status: {
            known_affected: [
               "T038317",
               "T034391",
               "T034281",
               "T034280",
            ],
         },
         release_date: "2024-04-16T22:00:00.000+00:00",
         title: "CVE-2024-29961",
      },
      {
         cve: "CVE-2024-29968",
         notes: [
            {
               category: "description",
               text: "Es besteht eine Schwachstelle in Broadcom Brocade SANnav. Dieser Fehler besteht, da im Disaster Recovery Modus die Informationen der Datenbanken wie Tabellennamen, Abfragen und Spalten im DR Standby Supportsave gespeichert werden. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen.",
            },
         ],
         product_status: {
            known_affected: [
               "T038317",
               "T034391",
               "T034281",
               "T034280",
            ],
         },
         release_date: "2024-04-16T22:00:00.000+00:00",
         title: "CVE-2024-29968",
      },
   ],
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2024-29960

Vulnerability from cvelistv5

fkie_cve-2024-29960

Vulnerability from fkie_nvd

ghsa-xcp9-jx79-m233

Vulnerability from github

gsd-2024-29960

Vulnerability from gsd

WID-SEC-W-2024-0915

Vulnerability from csaf_certbund

wid-sec-w-2024-0915

Vulnerability from csaf_certbund

Tags

Sightings

Nomenclature