CVE-2022-33187 - OpenCVE

Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. The vulnerability could allow an attacker with admin privilege to read sensitive information.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Broadcom	Brocade Sannav

Configuration 1 [-]

cpe:2.3:a:broadcom:brocade_sannav:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2122

History

No history.

MITRE

Status: PUBLISHED

Assigner: brocade

Published: 2022-12-09T01:48:24.949Z

Updated: 2024-08-03T08:01:20.304Z

Reserved: 2022-06-13T17:49:51.966Z

Link: CVE-2022-33187

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-12-09T02:15:09.070

Modified: 2023-11-07T03:48:18.420

Link: CVE-2022-33187

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-33187", "assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791", "state": "PUBLISHED", "assignerShortName": "brocade", "requesterUserId": "520cc88b-a1c8-44f6-9154-21a4d74c769f", "dateReserved": "2022-06-13T17:49:51.966Z", "datePublished": "2022-12-09T01:48:24.949Z", "dateUpdated": "2024-08-03T08:01:20.304Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Brocade SANnav", "vendor": "Brocade", "versions": [{"status": "affected", "version": "Brocade SANnav versions before v2.2.1"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\nBrocade SANnav before v2.2.1 logs usernames and encoded passwords in \ndebug-enabled logs. The vulnerability could allow an attacker with admin\n privilege to read sensitive information.\n\n"}], "value": "Brocade SANnav before v2.2.1 logs usernames and encoded passwords in \ndebug-enabled logs. The vulnerability could allow an attacker with admin\n privilege to read sensitive information.\n\n"}], "impacts": [{"descriptions": [{"lang": "en", "value": "Insertion of Sensitive Information into Log File"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "87b297d7-335e-4844-9551-11b97995a791", "shortName": "brocade", "dateUpdated": "2022-12-09T01:48:24.949Z"}, "references": [{"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2122"}], "source": {"discovery": "UNKNOWN"}, "title": "Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T08:01:20.304Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2122", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:brocade_sannav:*:*:*:*:*:*:*:*", "matchCriteriaId": "47FCF79D-70A4-4335-9ACF-D5DA8B6DBE3D", "versionEndExcluding": "2.2.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Brocade SANnav before v2.2.1 logs usernames and encoded passwords in \ndebug-enabled logs. The vulnerability could allow an attacker with admin\n privilege to read sensitive information.\n\n"}, {"lang": "es", "value": "Brocade SANnav anterior a v2.2.1 registra nombres de usuarios y contrase\u00f1as codificadas en registros habilitados para depuraci\u00f3n. La vulnerabilidad podr\u00eda permitir que un atacante con privilegios de administrador lea informaci\u00f3n confidencial."}], "id": "CVE-2022-33187", "lastModified": "2023-11-07T03:48:18.420", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 4.2, "source": "sirt@brocade.com", "type": "Secondary"}]}, "published": "2022-12-09T02:15:09.070", "references": [{"source": "sirt@brocade.com", "tags": ["Vendor Advisory"], "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2022-2122"}], "sourceIdentifier": "sirt@brocade.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-532"}], "source": "sirt@brocade.com", "type": "Secondary"}]}