Vulnerability Monitor

CVE-2024-29954


A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. This could allow an authenticated user to view the server passwords for protocols such as scp and sftp. Detail: When the firmwaredownload command is entered incorrectly or points to an erroneous file, the firmware download log captures the failed command, including any password entered on the command line.


Published

2024-06-26T00:15:10.263

Last Modified

2024-11-21T09:08:41.527

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.9 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-312
  • Type: Primary
    CWE-532

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | broadcom | fabric_operating_system | < 8.2.3e | Yes |
| Operating System | broadcom | fabric_operating_system | < 9.1.1d | Yes |
| Operating System | broadcom | fabric_operating_system | < 9.2.0b | Yes |

References