CVE-2024-29965 - Vulnerability Details - OpenCVE

In Brocade SANnav before v2.3.1, and v2.3.0a, it is possible to back up the appliance from the web interface or the command line interface ("SSH"). The resulting backups are world-readable. A local attacker can recover backup files, restore them to a new malicious appliance, and retrieve the passwords of all the switches.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00234.

Key SSVC decision points have not yet been added.

Vendors	Products
Broadcom	Brocade Sannav

Configuration 1 [-]

cpe:2.3:a:broadcom:brocade_sannav:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-26939	In Brocade SANnav before v2.3.1, and v2.3.0a, it is possible to back up the appliance from the web interface or the command line interface ("SSH"). The resulting backups are world-readable. A local attacker can recover backup files, restore them to a new malicious appliance, and retrieve the passwords of all the switches.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://support.broadcom.com/external/content/SecurityAdvisories/0/23250

History

Tue, 04 Feb 2025 16:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Broadcom Broadcom brocade Sannav
CPEs		cpe:2.3:a:broadcom:brocade_sannav::::::::
Vendors & Products		Broadcom Broadcom brocade Sannav

MITRE

Status: PUBLISHED

Assigner: brocade

Published: 2024-04-19T04:48:46.279Z

Updated: 2024-08-02T01:17:58.599Z

Reserved: 2024-03-22T05:32:26.687Z

Link: CVE-2024-29965

Vulnrichment

Updated: 2024-08-02T01:17:58.599Z

NVD

Status : Analyzed

Published: 2024-04-19T05:15:49.390

Modified: 2025-02-04T15:45:17.783

Link: CVE-2024-29965

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-29965", "assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791", "state": "PUBLISHED", "assignerShortName": "brocade", "dateReserved": "2024-03-22T05:32:26.687Z", "datePublished": "2024-04-19T04:48:46.279Z", "dateUpdated": "2024-08-02T01:17:58.599Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Brocade SANnav", "vendor": "Brocade", "versions": [{"status": "affected", "version": " before v2.3.1, and v2.3.0a"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">In Brocade SANnav before v2.3.1, and v2.3.0a, it is possible to back up the appliance from the web interface or the command line interface (\"SSH\"). The resulting backups are world-readable. A local attacker can recover backup files, restore them to a new malicious appliance, and retrieve the passwords of all the switches.</span>\n\n"}], "value": "\nIn Brocade SANnav before v2.3.1, and v2.3.0a, it is possible to back up the appliance from the web interface or the command line interface (\"SSH\"). The resulting backups are world-readable. A local attacker can recover backup files, restore them to a new malicious appliance, and retrieve the passwords of all the switches.\n\n"}], "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "CAPEC-37 Retrieve Embedded Sensitive Data"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-922", "description": "CWE-922: Insecure Storage of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "87b297d7-335e-4844-9551-11b97995a791", "shortName": "brocade", "dateUpdated": "2024-04-19T04:55:03.276Z"}, "references": [{"url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/23250"}], "source": {"discovery": "UNKNOWN"}, "title": "Insecure backup", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-29965", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-04-20T03:00:28.543253Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:brocade:sannav:*:*:*:*:*:*:*:*"], "vendor": "brocade", "product": "sannav", "versions": [{"status": "affected", "version": "0", "lessThan": "2.3.0a", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:56:52.975Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:17:58.599Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/23250", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/23250", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:17:58.599Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-29965", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-04-20T03:00:28.543253Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:brocade:sannav:*:*:*:*:*:*:*:*"], "vendor": "brocade", "product": "sannav", "versions": [{"status": "affected", "version": "0", "lessThan": "2.3.0a", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-20T02:58:54.579Z"}}], "cna": {"title": "Insecure backup", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "CAPEC-37 Retrieve Embedded Sensitive Data"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Brocade", "product": "Brocade SANnav", "versions": [{"status": "affected", "version": " before v2.3.1, and v2.3.0a"}], "defaultStatus": "affected"}], "references": [{"url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/23250"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "\nIn Brocade SANnav before v2.3.1, and v2.3.0a, it is possible to back up the appliance from the web interface or the command line interface (\"SSH\"). The resulting backups are world-readable. A local attacker can recover backup files, restore them to a new malicious appliance, and retrieve the passwords of all the switches.\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">In Brocade SANnav before v2.3.1, and v2.3.0a, it is possible to back up the appliance from the web interface or the command line interface (\"SSH\"). The resulting backups are world-readable. A local attacker can recover backup files, restore them to a new malicious appliance, and retrieve the passwords of all the switches.</span>\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-922", "description": "CWE-922: Insecure Storage of Sensitive Information"}]}], "providerMetadata": {"orgId": "87b297d7-335e-4844-9551-11b97995a791", "shortName": "brocade", "dateUpdated": "2024-04-19T04:55:03.276Z"}}}, "cveMetadata": {"cveId": "CVE-2024-29965", "state": "PUBLISHED", "dateUpdated": "2024-08-02T01:17:58.599Z", "dateReserved": "2024-03-22T05:32:26.687Z", "assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791", "datePublished": "2024-04-19T04:48:46.279Z", "assignerShortName": "brocade"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:brocade_sannav:*:*:*:*:*:*:*:*", "matchCriteriaId": "303EE152-4CED-4655-B035-CB3B91E5E288", "versionEndExcluding": "2.3.0a", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "\nIn Brocade SANnav before v2.3.1, and v2.3.0a, it is possible to back up the appliance from the web interface or the command line interface (\"SSH\"). The resulting backups are world-readable. A local attacker can recover backup files, restore them to a new malicious appliance, and retrieve the passwords of all the switches.\n\n"}, {"lang": "es", "value": "En Brocade SANnav anterior a v2.3.1 y v2.3.0a, es posible realizar una copia de seguridad del dispositivo desde la interfaz web o la interfaz de l\u00ednea de comandos (\"SSH\"). Las copias de seguridad resultantes son legibles en todo el mundo. Un atacante local puede recuperar archivos de respaldo, restaurarlos en un nuevo dispositivo malicioso y recuperar las contrase\u00f1as de todos los conmutadores."}], "id": "CVE-2024-29965", "lastModified": "2025-02-04T15:45:17.783", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 4.0, "source": "sirt@brocade.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-04-19T05:15:49.390", "references": [{"source": "sirt@brocade.com", "tags": ["Vendor Advisory"], "url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/23250"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/23250"}], "sourceIdentifier": "sirt@brocade.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-922"}], "source": "sirt@brocade.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-922"}], "source": "nvd@nist.gov", "type": "Primary"}]}