CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-29964 – Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files
https://notcve.org/view.php?id=CVE-2024-29964
19 Apr 2024 — Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the server can read sensitive information from these files. Las instancias de Docker en Brocade SANnav anteriores a v2.3.1 y v2.3.0a tienen una arquitectura y configuración inseguras que generan múltiples vulnerabilidades. Los demonios de Docker están expuestos a la interfaz WAN y otras vulnerabilidades permiten un control total sobre el dispositivo Ova. Una ... • https://support.broadcom.com/external/content/SecurityAdvisories/0/23249 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-29962 – Insecure file permission setting that makes files world-readable
https://notcve.org/view.php?id=CVE-2024-29962
19 Apr 2024 — Brocade SANnav OVA before v2.3.1 and v2.3.0a have an insecure file permission setting that makes files world-readable. This could allow a local user without the required privileges to access sensitive information or a Java binary. Brocade SANnav OVA anteriores a v2.3.1 y v2.3.0a tienen una configuración de permisos de archivos inseguros que hace que los archivos sean legibles en todo el mundo. Esto podría permitir que un usuario local sin los privilegios necesarios acceda a información confidencial o a un b... • https://support.broadcom.com/external/content/SecurityAdvisories/0/23248 • CWE-276: Incorrect Default Permissions •
CVSS: 3.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-29963 – Brocade SANnav contains hardcoded TLS keys used by Docker
https://notcve.org/view.php?id=CVE-2024-29963
19 Apr 2024 — Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain hardcoded TLS keys used by Docker. Note: Brocade SANnav doesn't have access to remote Docker registries. Brocade SANnav OVA anterior a v2.3.1 y v2.3.0a contiene claves codificadas utilizadas por Docker para acceder a registros remotos a través de TLS. Las conexiones TLS con una clave expuesta permiten a un atacante MITM el tráfico. Nota: Brocade SANnav no tiene acceso a registros Docker remotos. • https://support.broadcom.com/external/content/SecurityAdvisories/0/23247 • CWE-798: Use of Hard-coded Credentials •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-29961 – supply-chain attack risk
https://notcve.org/view.php?id=CVE-2024-29961
19 Apr 2024 — A vulnerability affects Brocade SANnav before v2.3.1 and v2.3.0a. It allows a Brocade SANnav service to send ping commands in the background at regular intervals to gridgain.com to check if updates are available for the Component. This could make an unauthenticated, remote attacker aware of the behavior and launch a supply-chain attack against a Brocade SANnav appliance. Una vulnerabilidad afecta a Brocade SANnav anterior a v2.3.1 y v2.3.0a. Permite que un servicio Brocade SANnav envíe comandos de ping en s... • https://support.broadcom.com/external/content/SecurityAdvisories/0/23246 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-29960 – Identical SSH keys utilized inside the OVA image (CVE-2024-29960)
https://notcve.org/view.php?id=CVE-2024-29960
19 Apr 2024 — In Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are identical in the VM every time SANnav is installed. Any Brocade SAnnav VM based on the official OVA images is vulnerable to MITM over SSH. An attacker can decrypt and compromise the SSH traffic to the SANnav. En las versiones del servidor Brocade SANnav anteriores a v2.3.1 y v2.3.0a, las claves SSH dentro de la imagen OVA están codificadas y son idénticas en la VM cada vez que se instala SANnav. Cualquier máquina virtu... • https://support.broadcom.com/external/content/SecurityAdvisories/0/23244 • CWE-798: Use of Hard-coded Credentials •
CVSS: 8.6EPSS: 0%CPEs: 2EXPL: 0CVE-2024-29959 – Brocade Fabric OS switch encrypted passwords in the Brocade SANnav Standby node's support save
https://notcve.org/view.php?id=CVE-2024-29959
19 Apr 2024 — A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints Brocade Fabric OS switch encrypted passwords in the Brocade SANnav Standby node's support save. Una vulnerabilidad en Brocade SANnav anterior a v2.3.1 y v2.3.0a imprime contraseñas cifradas del conmutador Brocade Fabric OS en el guardado de soporte del nodo Brocade SANnav Standby. • https://support.broadcom.com/external/content/SecurityAdvisories/0/23243 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-29958 – Encryption key in the console when a privileged user executes the script to replace the Brocade SANnav Management Portal standby node.
https://notcve.org/view.php?id=CVE-2024-29958
19 Apr 2024 — A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the encryption key in the console when a privileged user executes the script to replace the Brocade SANnav Management Portal standby node. This could provide attackers an additional, less protected path to acquiring the encryption key. Una vulnerabilidad en Brocade SANnav anterior a v2.3.1 y v2.3.0a imprime la clave de cifrado en la consola cuando un usuario privilegiado ejecuta el script para reemplazar el nodo en espera del Portal de admin... • https://support.broadcom.com/external/content/SecurityAdvisories/0/23242 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-29957 – Encryption key is stored in the DR log files
https://notcve.org/view.php?id=CVE-2024-29957
19 Apr 2024 — When Brocade SANnav before v2.3.1 and v2.3.0a servers are configured in Disaster Recovery mode, the encryption key is stored in the DR log files. This could provide attackers with an additional, less-protected path to acquiring the encryption key. Cuando los servidores Brocade SANnav anteriores a v2.3.1 y v2.3.0a están configurados en modo de recuperación de desastres, la clave de cifrado se almacena en los archivos de registro de recuperación ante desastres. Esto podría proporcionar a los atacantes una rut... • https://support.broadcom.com/external/content/SecurityAdvisories/0/23241 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29956 – cleartext password in supportsave logs when a user schedules a switch Supportsave from Brocade SANnav
https://notcve.org/view.php?id=CVE-2024-29956
18 Apr 2024 — A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the Brocade SANnav password in clear text in supportsave logs when a user schedules a switch Supportsave from Brocade SANnav. Una vulnerabilidad en Brocade SANnav anterior a v2.3.1 y v2.3.0a imprime la contraseña de Brocade SANnav en texto plano en los registros de guardado de soporte cuando un usuario programa un cambio de guardado de soporte desde Brocade SANnav. • https://support.broadcom.com/external/content/SecurityAdvisories/0/23240 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29950 – Brocade SANnav before v2.3.1, v2.3.0a uses weak encryption
https://notcve.org/view.php?id=CVE-2024-29950
17 Apr 2024 — The class FileTransfer implemented in Brocade SANnav before v2.3.1, v2.3.0a, uses the ssh-rsa signature scheme, which has a SHA-1 hash. The vulnerability could allow a remote, unauthenticated attacker to perform a man-in-the-middle attack. La clase FileTransfer implementada en Brocade SANnav antes de v2.3.1, v2.3.0a, utiliza el esquema de firma ssh-rsa, que tiene un hash SHA-1. La vulnerabilidad podría permitir que un atacante remoto y no autenticado realice un ataque de intermediario. The class FileTransfe... • https://support.broadcom.com/external/content/SecurityAdvisories/0/23236 • CWE-326: Inadequate Encryption Strength •