CVE-2024-5460Hard-coded Credentials in Fabric Operating System

CWE-798Hard-coded Credentials3 documents3 sources
Severity
8.1HIGHNVD
EPSS
0.8%
top 26.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Broadcom Fabric Operating SystemBrocade Fabric OS
Timeline
PublishedJun 26

Description

A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Brocade Fabric OS versions before v9.0.0 could allow an authenticated, remote attacker to read data from an affected device via SNMP. The vulnerability is due to hard-coded, default community string in the configuration file for the SNMP daemon. An attacker could exploit this vulnerability by using the static community string in SNMP version 1 queries to an affected device.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

CVEListV5brocade/fabric_osprior to v9.0.0

🔴Vulnerability Details

2
GHSA
GHSA-f7g3-49j4-ghp2: A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Brocade Fabric OS versions before v92024-06-26
CVEList
Brocade Fabric OS versions prior to v9.0 have default community strings2024-06-25
CVE-2024-5460 — Hard-coded Credentials | cvebase