Products
Brocade Fabric OS
- v9.2.1
- v9.2.0b
- v9.1.1d
Source
sirt@brocade.com
Tags
CVE-2024-29953 details
Published : June 26, 2024, 12:15 a.m.
Last Modified : June 26, 2024, 12:44 p.m.
Last Modified : June 26, 2024, 12:44 p.m.
Description
A vulnerability in the web interface in Brocade Fabric OS before v9.2.1, v9.2.0b, and v9.1.1d prints encoded session passwords on session storage for Virtual Fabric platforms. This could allow an authenticated user to view other users' session encoded passwords.
CVSS Score
| 1 | 2 | 3 | 4.3 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-922 | Insecure Storage of Sensitive Information | The product stores sensitive information without properly limiting read or write access by unauthorized actors. |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
Base Score
4.3
Exploitability Score
2.8
Impact Score
1.4
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
References
| URL | Source |
|---|---|
| https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/23227 | sirt@brocade.com |
This website uses the NVD API, but is not approved or certified by it.