CVE-2024-29969Inadequate Encryption Strength in Brocade Sannav

CWE-326Inadequate Encryption Strength3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.2%
top 61.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Broadcom Brocade SannavBrocade Sannav
Timeline
PublishedApr 19

Description

When a Brocade SANnav installation is upgraded from Brocade SANnav v2.2.2 to Brocade SANnav 2.3.0, TLS/SSL weak message authentication code ciphers are added by default for port 18082.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDbroadcom/brocade_sannav2.2.22.3.0a
CVEListV5brocade/brocade_sannavbefore v2.3.1, v2.3.0a

🔴Vulnerability Details

2
GHSA
GHSA-v596-2mxw-3xh7: When a Brocade SANnav installation is upgraded from Brocade SANnav v22024-04-19
CVEList
TLS/SSL weak message authentication code ciphers are added by default for port 180822024-04-19
CVE-2024-29969 — Inadequate Encryption Strength | cvebase