CVE-2022-28166 — Use of a Broken or Risky Cryptographic Algorithm in Sannav

CWE-327 — Use of a Broken or Risky Cryptographic Algorithm3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.1%

top 65.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Broadcom Sannav Broadcom Brocade Sannav

Timeline

PublishedJun 27

Latest updateJun 28

Description

In Brocade SANnav version before SANN2.2.0.2 and Brocade SANNav before 2.1.1.8, the implementation of TLS/SSL Server Supports the Use of Static Key Ciphers (ssl-static-key-ciphers) on ports 443 & 18082.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5broadcom/brocade_sannavversions before v2.2.0.2 and v2.1.1.8

▶NVDbroadcom/sannav2.2.0.0 — 2.2.0.2+1

🔴Vulnerability Details

GHSA

GHSA-43wg-828g-gmpq: In Brocade SANnav version before SANN2↗2022-06-28

▶

CVEList

CVE-2022-28166: In Brocade SANnav version before SANN2↗2022-06-27

▶