Products
Brocade SANnav
- before v2.3.1
- v2.3.0a
Source
sirt@brocade.com
Tags
CVE-2024-29961 details
Published : April 19, 2024, 4:15 a.m.
Last Modified : April 19, 2024, 1:10 p.m.
Last Modified : April 19, 2024, 1:10 p.m.
Description
A vulnerability affects Brocade SANnav before v2.3.1 and v2.3.0a. It allows a Brocade SANnav service to send ping commands in the background at regular intervals to gridgain.com to check if updates are available for the Component. This could make an unauthenticated, remote attacker aware of the behavior and launch a supply-chain attack against a Brocade SANnav appliance.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8.2 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
HIGH
Base Score
8.2
Exploitability Score
Impact Score
Base Severity
HIGH
Vector String : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
References
URL | Source |
---|---|
https://support.broadcom.com/external/content/SecurityAdvisories/0/23246 | sirt@brocade.com |
This website uses the NVD API, but is not approved or certified by it.