CVE-2024-29966

CWE-798Hard-coded Credentials3 documents3 sources
Severity
9.8CRITICAL
EPSS
0.4%
top 39.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Broadcom Brocade SannavBrocade Brocade Sannav
Timeline
PublishedApr 19

Description

Brocade SANnav OVA before v2.3.1 and v2.3.0a contain hard-coded credentials in the documentation that appear as the appliance's root password. The vulnerability could allow an unauthenticated attacker full access to the Brocade SANnav appliance.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5brocade/brocade_sannavbefore v2.3.1 and v2.3.0a

🔴Vulnerability Details

2
CVEList
hard-coded credentials in the documentation that appear as the appliance root password2024-04-19
GHSA
GHSA-7jhj-m58m-cg57: Brocade SANnav OVA before v22024-04-19
CVE-2024-29966 (CRITICAL CVSS 9.8) | Brocade SANnav OVA before v2.3.1 an | cvebase.io