Products
Brocade Fabric OS
- before v9.2.1
- v9.2.0b
- v9.1.1d
- v8.2.3e
Source
sirt@brocade.com
Tags
CVE-2024-29954 details
Published : June 26, 2024, 12:15 a.m.
Last Modified : June 26, 2024, 12:44 p.m.
Last Modified : June 26, 2024, 12:44 p.m.
Description
A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. This could allow an authenticated user to view the server passwords for protocols such as scp and sftp. Detail. When the firmwaredownload command is incorrectly entered or points to an erroneous file, the firmware download log captures the failed command, including any password entered in the command line.
CVSS Score
| 1 | 2 | 3 | 4 | 5.9 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-312 | Cleartext Storage of Sensitive Information | The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere. |
CVSS Data
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
Base Score
5.9
Exploitability Score
1.5
Impact Score
4.0
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
References
| URL | Source |
|---|---|
| https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/23226 | sirt@brocade.com |
This website uses the NVD API, but is not approved or certified by it.