CVE-2024-29954

CWE-312Cleartext Storage of Sensitive InfoCWE-532Log File Information Exposure3 documents3 sources
Severity
5.5MEDIUM
EPSS
0.1%
top 82.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Broadcom Fabric Operating SystemBrocade Fabric OS
Timeline
PublishedJun 26

Description

A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. This could allow an authenticated user to view the server passwords for protocols such as scp and sftp. Detail. When the firmwaredownload command is incorrectly entered or points to an erroneous file, the firmware download log captures the failed command, including any password entered in the command line.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:NExploitability: 1.5 | Impact: 4.0

Affected Packages2 packages

CVEListV5brocade/fabric_osbefore v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e
NVDbroadcom/fabric_operating_system9.0.19.1.1d+2

🔴Vulnerability Details

2
GHSA
GHSA-4j3p-3m7m-jgp4: A vulnerability in a password management API in Brocade Fabric OS versions before v92024-06-26
CVEList
password management API prints sensitive information in log files2024-06-25
CVE-2024-29954 (MEDIUM CVSS 5.5) | A vulnerability in a password manag | cvebase.io