CVE-2023-31925

CWE-312Cleartext Storage of Sensitive Info3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.0%
top 88.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Broadcom Brocade SannavBrocade Brocade Sannav
Timeline
PublishedAug 31

Description

Brocade SANnav before v2.3.0 and v2.2.2a stores SNMPv3 Authentication passwords in plaintext. A privileged user could retrieve these credentials with knowledge and access to these log files. SNMP credentials could be seen in SANnav SupportSave if the capture is performed after an SNMP configuration failure causes an SNMP communication log dump.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

CVEListV5brocade/brocade_sannavBrocade SANnav before v2.3.0 and v2.2.2a

🔴Vulnerability Details

2
GHSA
GHSA-4x99-8pj6-g63h: Brocade SANnav before v22023-08-31
CVEList
Storage of clear text password in Brocade SANnav2023-08-31
CVE-2023-31925 (MEDIUM CVSS 6.5) | Brocade SANnav before v2.3.0 and v2 | cvebase.io