Brocade SANnav before SANnav 2.3.1b
enables weak TLS ciphers on ports 443 and 18082. In case of a successful
exploit, an attacker can read Brocade SANnav data stream that includes
monitored Brocade Fabric OS switches performance data, port status,
zoning information, WWNs, IP Addresses, but no customer data, no
personal data and no secrets or passwords, as it travels across the
network.
History

Tue, 26 Aug 2025 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Broadcom
Broadcom brocade Sannav
CPEs cpe:2.3:a:broadcom:brocade_sannav:*:*:*:*:*:*:*:*
Vendors & Products Broadcom
Broadcom brocade Sannav
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}


Mon, 14 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00038}

epss

{'score': 0.00035}


Tue, 18 Feb 2025 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 14 Feb 2025 23:30:00 +0000

Type Values Removed Values Added
Description Brocade SANnav before SANnav 2.3.1b enables weak TLS ciphers on ports 443 and 18082. In case of a successful exploit, an attacker can read Brocade SANnav data stream that includes monitored Brocade Fabric OS switches performance data, port status, zoning information, WWNs, IP Addresses, but no customer data, no personal data and no secrets or passwords, as it travels across the network.
Title Weak TLS Ciphers on Brocade SANnav port 443 & 18082
Weaknesses CWE-327
References
Metrics cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: brocade

Published:

Updated: 2025-02-18T16:28:38.800Z

Reserved: 2024-10-25T23:28:06.111Z

Link: CVE-2024-10405

cve-icon Vulnrichment

Updated: 2025-02-18T16:28:24.386Z

cve-icon NVD

Status : Analyzed

Published: 2025-02-15T00:15:13.023

Modified: 2025-08-26T19:44:01.380

Link: CVE-2024-10405

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-07-12T22:16:14Z