CVE-2024-29961
supply-chain attack risk
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability affects Brocade SANnav before v2.3.1 and v2.3.0a. It allows a Brocade SANnav service to send ping commands in the background at regular intervals to gridgain.com to check if updates are available for the Component. This could make an unauthenticated, remote attacker aware of the behavior and launch a supply-chain attack against a Brocade SANnav appliance.
Una vulnerabilidad afecta a Brocade SANnav anterior a v2.3.1 y v2.3.0a. Permite que un servicio Brocade SANnav envíe comandos de ping en segundo plano a intervalos regulares a gridgain.com para verificar si hay actualizaciones disponibles para el Componente. Esto podría hacer que un atacante remoto no autenticado se dé cuenta del comportamiento y lance un ataque a la cadena de suministro contra un dispositivo Brocade SANnav.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2024-03-22 CVE Reserved
- 2024-04-19 CVE Published
- 2024-08-02 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
- CAPEC-94: Adversary in the Middle (AiTM)
References (1)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Broadcom Search vendor "Broadcom" | Brocade Sannav Search vendor "Broadcom" for product "Brocade Sannav" | * | - |
Affected
| ||||||
| Brocade Search vendor "Brocade" | Sannav Search vendor "Brocade" for product "Sannav" | * | - |
Affected
| ||||||