CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43936 – Brocade Fabric OS switch passwords when debugging is enabled
https://notcve.org/view.php?id=CVE-2022-43936
Brocade SANnav versions before 2.2.2 log Brocade Fabric OS switch passwords when debugging is enabled. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21218 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43933 – configuration secrets are logged in support-save
https://notcve.org/view.php?id=CVE-2022-43933
An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where configuration secrets are logged in supportsave. Supportsave file is generated by an admin user troubleshooting the switch. The Logged information may include usernames and passwords, and secret keys. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21221 • CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7516 – Brocade Fabric OS before 9.2.2 does not enforce strict host key checking
https://notcve.org/view.php?id=CVE-2024-7516
A vulnerability in Brocade Fabric OS versions before 9.2.2 could allow man-in-the-middle attackers to conduct remote Service Session Hijacking that may arise from the attacker's ability to forge an SSH key while the Brocade Fabric OS Switch is performing various remote operations initiated by a switch admin. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25177 • CWE-322: Key Exchange without Entity Authentication •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4173 – SANnav versions exposes Kafka in the wan interface.
https://notcve.org/view.php?id=CVE-2024-4173
A vulnerability in Brocade SANnav exposes Kafka in the wan interface. The vulnerability could allow an unauthenticated attacker to perform various attacks, including DOS against the Brocade SANnav. Una vulnerabilidad en las versiones ova de Brocade SANnav anteriores a Brocade SANnav v2.3.1 y v2.3.0a expone a Kafka en la interfaz wan. La vulnerabilidad podría permitir que un atacante no autenticado realice varios ataques, incluido DOS, el dispositivo Brocade SANnav. • https://support.broadcom.com/external/content/SecurityAdvisories/0/23285 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4162 – Segmentation fault in Brocade Fabric OS after Brocade Fabric OS v9.0
https://notcve.org/view.php?id=CVE-2023-4162
A segmentation fault can occur in Brocade Fabric OS after Brocade Fabric OS v9.0 and before Brocade Fabric OS v9.2.0a through the passwdcfg command. This could allow an authenticated privileged user local user to crash a Brocade Fabric OS swith using the cli “passwdcfg --set -expire -minDiff“. Puede producirse un fallo de segmentación en Brocade Fabric OS después de Brocade Fabric OS v9.0 y antes de Brocade Fabric OS v9.2.0a a través del comando "passwdcfg". Esto podría permitir que un usuario privilegiado autenticado local bloquease un Brocade Fabric OS swith utilizando el cli "passwdcfg --set -expire -minDiff". • https://security.netapp.com/advisory/ntap-20231124-0010 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22513 • CWE-125: Out-of-bounds Read CWE-252: Unchecked Return Value CWE-400: Uncontrolled Resource Consumption •