CVE-2022-43933

CWE-538CWE-532Log File Information Exposure3 documents3 sources
Severity
4.4MEDIUM
EPSS
0.0%
top 92.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Broadcom Brocade SannavBrocade Sannav
Timeline
PublishedNov 21
Latest updateFeb 4

Description

An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where configuration secrets are logged in supportsave. Supportsave file is generated by an admin user troubleshooting the switch. The Logged information may include usernames and passwords, and secret keys.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5brocade/sannavbefore Brocade SANnav 2.2.2

🔴Vulnerability Details

2
GHSA
GHSA-76rj-9h8w-cwx9: An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 22025-02-04
CVEList
configuration secrets are logged in support-save2024-11-21
CVE-2022-43933 (MEDIUM CVSS 4.4) | An information exposure through log | cvebase.io