CVE-2024-29954

June 26, 2024, 12:44 p.m.

5.9
Medium

Description

A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. This could allow an authenticated user to view the server passwords for protocols such as scp and sftp. Detail. When the firmwaredownload command is incorrectly entered or points to an erroneous file, the firmware download log captures the failed command, including any password entered in the command line.

Product(s) Impacted

Product Versions
Brocade Fabric OS
  • ['before v9.2.1', 'v9.2.0b', 'v9.1.1d', 'v8.2.3e']

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-312
Cleartext Storage of Sensitive Information
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

References

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/23226

Tags

CWE-312
sirt@brocade.com
2024-06-26
CVE-2024-29954

CVSS Score

5.9 / 10

CVSS Data - 3.1

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: CHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: NONE
  • Availability Impact: NONE

    • CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

    View Vector String

Timeline

Published: June 26, 2024, 12:15 a.m.
Last Modified: June 26, 2024, 12:44 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

sirt@brocade.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.