
CVE-2024-10403

Nov. 21, 2024, 1:57 p.m.

Product(s) Impacted

Brocade Fabric OS

  • before 8.2.3e2
  • 9.0.0 - 9.2.0c
  • 9.2.1 - 9.2.1a

Description

Brocade Fabric OS versions before 8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a can capture the SFTP/FTP server password used for a firmware download operation initiated by SANnav or through WebEM in a weblinker core dump that is later captured via supportsave.

Weaknesses

CWE-528
Exposure of Core Dump File to an Unauthorized Control Sphere

The product generates a core dump file in a directory, archive, or other resource that is stored, transferred, or otherwise made accessible to unauthorized actors.

CWE ID: 528

Date

Published: Nov. 21, 2024, 11:15 a.m.

Last Modified: Nov. 21, 2024, 1:57 p.m.

Status: Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

sirt@brocade.com

References