CVE-2024-10403

Nov. 21, 2024, 1:57 p.m.

None
No Score

Description

Brocade Fabric OS versions before 8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a can capture the SFTP/FTP server password used for a firmware download operation initiated by SANnav or through WebEM in a weblinker core dump that is later captured via supportsave.

Product(s) Impacted

Product Versions
Brocade Fabric OS
  • ['before 8.2.3e2', '9.0.0 - 9.2.0c', '9.2.1 - 9.2.1a']

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-528
Exposure of Core Dump File to an Unauthorized Control Sphere
The product generates a core dump file in a directory, archive, or other resource that is stored, transferred, or otherwise made accessible to unauthorized actors.

References

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25145

Tags

sirt@brocade.com
2024-11-21
CVE-2024-10403
CWE-528

Timeline

Published: Nov. 21, 2024, 11:15 a.m.
Last Modified: Nov. 21, 2024, 1:57 p.m.

Status : Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

sirt@brocade.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.