Vulnerability Monitor


CVE-2024-10403


Brocade Fabric OS versions before 8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a can capture the SFTP/FTP server password used for a firmware download operation initiated by SANnav or through WebEM in a weblinker core dump that is later captured via supportsave.


Published: 2024-11-21T11:15:16.533

Last Modified: 2025-02-04T15:28:04.053

Status: Analyzed

Source: [email protected]

Severity: CVSSv3.1: 7.5 (HIGH)

Weaknesses
  • Type: Secondary
    CWE-528
  • Type: Primary
    CWE-552

Affected Vendors & Products
Type | Vendor | Product | Version/Range | Vulnerable?
Operating System | broadcom | fabric_operating_system | < 9.2.0c1 | Yes
Operating System | broadcom | fabric_operating_system | < 9.2.1a1 | Yes
