CVSS: 3.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-29963 – Brocade SANnav contains hardcoded TLS keys used by Docker
https://notcve.org/view.php?id=CVE-2024-29963
19 Apr 2024 — Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain hardcoded TLS keys used by Docker. Note: Brocade SANnav doesn't have access to remote Docker registries. Brocade SANnav OVA anterior a v2.3.1 y v2.3.0a contiene claves codificadas utilizadas por Docker para acceder a registros remotos a través de TLS. Las conexiones TLS con una clave expuesta permiten a un atacante MITM el tráfico. Nota: Brocade SANnav no tiene acceso a registros Docker remotos. • https://support.broadcom.com/external/content/SecurityAdvisories/0/23247 • CWE-798: Use of Hard-coded Credentials •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-29961 – supply-chain attack risk
https://notcve.org/view.php?id=CVE-2024-29961
19 Apr 2024 — A vulnerability affects Brocade SANnav before v2.3.1 and v2.3.0a. It allows a Brocade SANnav service to send ping commands in the background at regular intervals to gridgain.com to check if updates are available for the Component. This could make an unauthenticated, remote attacker aware of the behavior and launch a supply-chain attack against a Brocade SANnav appliance. Una vulnerabilidad afecta a Brocade SANnav anterior a v2.3.1 y v2.3.0a. Permite que un servicio Brocade SANnav envíe comandos de ping en s... • https://support.broadcom.com/external/content/SecurityAdvisories/0/23246 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-29960 – Identical SSH keys utilized inside the OVA image (CVE-2024-29960)
https://notcve.org/view.php?id=CVE-2024-29960
19 Apr 2024 — In Brocade SANnav server before v2.3.1 and v2.3.0a, the SSH keys inside the OVA image are identical in the VM every time SANnav is installed. Any Brocade SAnnav VM based on the official OVA images is vulnerable to MITM over SSH. An attacker can decrypt and compromise the SSH traffic to the SANnav. En las versiones del servidor Brocade SANnav anteriores a v2.3.1 y v2.3.0a, las claves SSH dentro de la imagen OVA están codificadas y son idénticas en la VM cada vez que se instala SANnav. Cualquier máquina virtu... • https://support.broadcom.com/external/content/SecurityAdvisories/0/23244 • CWE-798: Use of Hard-coded Credentials •
CVSS: 8.6EPSS: 0%CPEs: 2EXPL: 0CVE-2024-29959 – Brocade Fabric OS switch encrypted passwords in the Brocade SANnav Standby node's support save
https://notcve.org/view.php?id=CVE-2024-29959
19 Apr 2024 — A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints Brocade Fabric OS switch encrypted passwords in the Brocade SANnav Standby node's support save. Una vulnerabilidad en Brocade SANnav anterior a v2.3.1 y v2.3.0a imprime contraseñas cifradas del conmutador Brocade Fabric OS en el guardado de soporte del nodo Brocade SANnav Standby. • https://support.broadcom.com/external/content/SecurityAdvisories/0/23243 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-29958 – Encryption key in the console when a privileged user executes the script to replace the Brocade SANnav Management Portal standby node.
https://notcve.org/view.php?id=CVE-2024-29958
19 Apr 2024 — A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the encryption key in the console when a privileged user executes the script to replace the Brocade SANnav Management Portal standby node. This could provide attackers an additional, less protected path to acquiring the encryption key. Una vulnerabilidad en Brocade SANnav anterior a v2.3.1 y v2.3.0a imprime la clave de cifrado en la consola cuando un usuario privilegiado ejecuta el script para reemplazar el nodo en espera del Portal de admin... • https://support.broadcom.com/external/content/SecurityAdvisories/0/23242 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-29957 – Encryption key is stored in the DR log files
https://notcve.org/view.php?id=CVE-2024-29957
19 Apr 2024 — When Brocade SANnav before v2.3.1 and v2.3.0a servers are configured in Disaster Recovery mode, the encryption key is stored in the DR log files. This could provide attackers with an additional, less-protected path to acquiring the encryption key. Cuando los servidores Brocade SANnav anteriores a v2.3.1 y v2.3.0a están configurados en modo de recuperación de desastres, la clave de cifrado se almacena en los archivos de registro de recuperación ante desastres. Esto podría proporcionar a los atacantes una rut... • https://support.broadcom.com/external/content/SecurityAdvisories/0/23241 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29956 – cleartext password in supportsave logs when a user schedules a switch Supportsave from Brocade SANnav
https://notcve.org/view.php?id=CVE-2024-29956
18 Apr 2024 — A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints the Brocade SANnav password in clear text in supportsave logs when a user schedules a switch Supportsave from Brocade SANnav. Una vulnerabilidad en Brocade SANnav anterior a v2.3.1 y v2.3.0a imprime la contraseña de Brocade SANnav en texto plano en los registros de guardado de soporte cuando un usuario programa un cambio de guardado de soporte desde Brocade SANnav. • https://support.broadcom.com/external/content/SecurityAdvisories/0/23240 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29950 – Brocade SANnav before v2.3.1, v2.3.0a uses weak encryption
https://notcve.org/view.php?id=CVE-2024-29950
17 Apr 2024 — The class FileTransfer implemented in Brocade SANnav before v2.3.1, v2.3.0a, uses the ssh-rsa signature scheme, which has a SHA-1 hash. The vulnerability could allow a remote, unauthenticated attacker to perform a man-in-the-middle attack. La clase FileTransfer implementada en Brocade SANnav antes de v2.3.1, v2.3.0a, utiliza el esquema de firma ssh-rsa, que tiene un hash SHA-1. La vulnerabilidad podría permitir que un atacante remoto y no autenticado realice un ataque de intermediario. The class FileTransfe... • https://support.broadcom.com/external/content/SecurityAdvisories/0/23236 • CWE-326: Inadequate Encryption Strength •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5973 – Truncated port name
https://notcve.org/view.php?id=CVE-2023-5973
05 Apr 2024 — Brocade Web Interface in Brocade Fabric OS v9.x and before v9.2.0 does not properly represent the portName to the user if the portName contains reserved characters. This could allow an authenticated user to alter the UI of the Brocade Switch and change ports display. La interfaz web de Brocade en Brocade Fabric OS v9.x y versiones anteriores a v9.2.0 no representa correctamente el nombre del puerto para el usuario si el nombre del puerto contiene caracteres reservados. Esto podría permitir a un usuario aute... • https://security.netapp.com/advisory/ntap-20240628-0005 • CWE-346: Origin Validation Error •
CVSS: 10.0EPSS: 3%CPEs: 2EXPL: 1CVE-2023-3454 – Brocade Fabric OS Remote Code Execution / Information Disclosure
https://notcve.org/view.php?id=CVE-2023-3454
04 Apr 2024 — Remote code execution (RCE) vulnerability in Brocade Fabric OS after v9.0 and before v9.2.0 could allow an attacker to execute arbitrary code and use this to gain root access to the Brocade switch. Vulnerabilidad de ejecución remota de código (RCE) en Brocade Fabric OS posterior a v9.0 y anterior a v9.2.0 podría permitir a un atacante ejecutar código arbitrario y usarlo para obtener acceso raíz al conmutador Brocade. Brocade Fabric OS versions prior to 9.2.2 suffer from 10 vulnerabilities including, but not... • https://packetstorm.news/files/id/190177 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •