CVE-2024-29950

CWE-3263 documents3 sources
Severity
5.9MEDIUM
EPSS
0.2%
top 61.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Broadcom Brocade SannavBrocade Brocade Sannav
Timeline
PublishedApr 17

Description

The class FileTransfer implemented in Brocade SANnav before v2.3.1, v2.3.0a, uses the ssh-rsa signature scheme, which has a SHA-1 hash. The vulnerability could allow a remote, unauthenticated attacker to perform a man-in-the-middle attack.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5brocade/brocade_sannavversions before Brocade SANnav v2.3.1, v2.3.0a

🔴Vulnerability Details

2
GHSA
GHSA-m34x-wh4m-w7q3: The class FileTransfer implemented in Brocade SANnav before v22024-04-17
CVEList
Brocade SANnav before v2.3.1, v2.3.0a uses weak encryption2024-04-17
CVE-2024-29950 (MEDIUM CVSS 5.9) | The class FileTransfer implemented | cvebase.io