CVE-2024-29957

CWE-532Log File Information Exposure3 documents3 sources
Severity
7.5HIGH
EPSS
0.3%
top 47.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Broadcom Brocade SannavBrocade Brocade Sannav
Timeline
PublishedApr 19

Description

When Brocade SANnav before v2.3.1 and v2.3.0a servers are configured in Disaster Recovery mode, the encryption key is stored in the DR log files. This could provide attackers with an additional, less-protected path to acquiring the encryption key.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5brocade/brocade_sannavbefore v2.3.1 and v2.3.0a

🔴Vulnerability Details

2
GHSA
GHSA-jw6c-wq8m-h8g9: When Brocade SANnav before v22024-04-19
CVEList
Encryption key is stored in the DR log files2024-04-19
CVE-2024-29957 (HIGH CVSS 7.5) | When Brocade SANnav before v2.3.1 a | cvebase.io