CVE-2024-29963

CWE-798 — Hard-coded Credentials3 documents3 sources

Severity

3.8LOW

EPSS

0.1%

top 76.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Broadcom Brocade Sannav Brocade Brocade Sannav

Timeline

PublishedApr 19

Description

Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain hardcoded TLS keys used by Docker. Note: Brocade SANnav doesn't have access to remote Docker registries.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:NExploitability: 0.5 | Impact: 1.4

Affected Packages2 packages

▶NVDbroadcom/brocade_sannav< 2.3.0a

▶CVEListV5brocade/brocade_sannavbefore v2.3.1, and v2.3.0a

🔴Vulnerability Details

GHSA

GHSA-rq82-xjv7-57jq: Brocade SANnav OVA before v2↗2024-04-19

▶

CVEList

Brocade SANnav contains hardcoded TLS keys used by Docker↗2024-04-19

▶