Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-29965

In Brocade SANnav before v2.3.1, and v2.3.0a, it is possible to back up the appliance from the web interface or the command line interface ("SSH"). The resulting backups are world-readable. A local attacker can recover backup files, restore them to a new malicious appliance, and retrieve the passwords of all the switches.

Published

2024-04-19T05:15:49.390

Last Modified

2025-02-04T15:45:17.783

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.8 (MEDIUM)

Weaknesses

Type: Secondary
CWE-922
Type: Primary
CWE-922

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	broadcom	brocade_sannav	< 2.3.0a	Yes

References

https://support.broadcom.com/external/content/SecurityAdvisories/0/23250 Vendor Advisory ([email protected])
https://support.broadcom.com/external/content/SecurityAdvisories/0/23250 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)